Mbed TLS Shared Memory Mishandling Vulnerability
CVE-2024-28960

Currently unrated

Key Information:

Vendor: Mbed TLS
Status: Mbed Tls; Mbed Crypto
Vendor: CVE Published:; 29 March 2024

What is CVE-2024-28960?

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

References

https://mbed-tls.readthedocs.io/en/latest/tech-updates/se...

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/securi...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 13, 2024