Sensitive Information Disclosure

🗓️ 03 Apr 2024 12:15:11Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 31 Views

libmbedtls.so vulnerability, PSA Crypto API inadequate memory handling

Reporter	Title	Published	Views	Family All 54
AlpineLinux	CVE-2024-28960	29 Mar 202400:00	–	alpinelinux
AstraLinux	Astra Linux – Vulnerability in mbedtls	26 Jun 202413:32	–	astralinux
BDU FSTEC	The vulnerability of the PSA Crypto application programming interface, as well as the Mbed TLS and Mbed Crypto software, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of data.	2 Apr 202400:00	–	bdu_fstec
CBLMariner	CVE-2024-28960 affecting package hvloader for versions less than 1.0.1-6	27 Nov 202421:27	–	cbl_mariner
CNNVD	Mbed TLS 安全漏洞	29 Mar 202400:00	–	cnnvd
CVE	CVE-2024-28960	29 Mar 202400:00	–	cve
Cvelist	CVE-2024-28960	29 Mar 202400:00	–	cvelist
Debian CVE	CVE-2024-28960	29 Mar 202400:00	–	debiancve
Fedora	[SECURITY] Fedora 40 Update: mbedtls-2.28.8-1.fc40	19 Apr 202421:40	–	fedora
Fedora	[SECURITY] Fedora 39 Update: mbedtls-2.28.8-1.fc39	17 Apr 202402:19	–	fedora

Vulners

Node

mbedtls mbedtlsMatch2.28.5-r0cpp

AND

mbedtls mbedtlsMatch2.28.7-r0cpp

AND

mbedtls mbedtlsMatch2.28.4-r0cpp

AND

mbedtls mbedtlsMatch2.28.3-r1cpp

AND

alpinelinux alpine_linuxMatch3.18

mbedtls mbedtlsMatch2.28.3-r3cpp

AND

mbedtls mbedtlsMatch2.16.5-r0cpp

AND

mbedtls mbedtlsMatch2.16.10-r1cpp

AND

mbedtls mbedtlsMatch2.28.6-r0cpp

AND

mbedtls mbedtlsMatch2.28.5-r0cpp

AND

mbedtls mbedtlsMatch2.28.0-r0cpp

AND

mbedtls mbedtlsMatch2.28.3-r2cpp

AND

mbedtls mbedtlsMatch2.16.6-r0cpp

AND

mbedtls mbedtlsMatch2.28.3-r1cpp

AND

mbedtls mbedtlsMatch2.16.12-r0cpp

AND

mbedtls mbedtlsMatch2.28.1-r0cpp

AND

mbedtls mbedtlsMatch2.28.3-r0cpp

AND

mbedtls mbedtlsMatch2.16.9-r0cpp

AND

mbedtls mbedtlsMatch2.28.4-r0cpp

AND

mbedtls mbedtlsMatch2.28.1-r1cpp

AND

mbedtls mbedtlsMatch2.16.10-r0cpp

AND

mbedtls mbedtlsMatch2.16.3-r0cpp

AND

mbedtls mbedtlsMatch2.28.7-r0cpp

AND

mbedtls mbedtlsMatch2.28.2-r0cpp

AND

alpinelinux alpine_linuxMatchedge

mbedtls mbedtlsMatch2.28.5-r0cpp

AND

mbedtls mbedtlsMatch2.28.2-r0cpp

AND

mbedtls mbedtlsMatch2.28.4-r0cpp

AND

mbedtls mbedtlsMatch2.28.1-r0cpp

AND

mbedtls mbedtlsMatch2.28.3-r0cpp

AND

mbedtls mbedtlsMatch2.28.7-r0cpp

AND

alpinelinux alpine_linuxMatch3.17

mbedtls mbedtlsMatch2.28.5-r0cpp

AND

mbedtls mbedtlsMatch2.28.1-r0cpp

AND

mbedtls mbedtlsMatch2.28.3-r0cpp

AND

mbedtls mbedtlsMatch2.28.0-r0cpp

AND

mbedtls mbedtlsMatch2.28.2-r0cpp

AND

mbedtls mbedtlsMatch2.28.4-r0cpp

AND

mbedtls mbedtlsMatch2.28.7-r0cpp

AND

alpinelinux alpine_linuxMatch3.16

mbedtls mbedtlsMatch2.28.6-r0cpp

AND

mbedtls mbedtlsMatch2.28.5-r0cpp

AND

mbedtls mbedtlsMatch2.28.7-r0cpp

AND

alpinelinux alpine_linuxMatch3.19

libmbedtls.so libmbedtls.soRange2.28.0–2.28.7-2.28.7-1.el8.x86_64.debugcpp

Source	Link
github	www.github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
mbed-tls	www.mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/

03 Jul 2024 05:26Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.18.2

EPSS0.0084

SSVC