Mbed TLS Shared Memory Mishandling Vulnerability
CVE-2024-28960

8.2 HIGH

Key Information:

Vendor: Mbed TLS
CVE Published: 29 March 2024

What is CVE-2024-28960?

A vulnerability has been identified in Mbed TLS versions ranging from 2.18.0 to 2.28.x, as well as the 3.x versions prior to 3.6.0, affecting the PSA Crypto API. This issue revolves around the improper handling of shared memory, which may lead to unauthorized access or manipulation of sensitive data. It is critical for users of the affected versions to apply necessary updates to safeguard their systems against potential exploitation.

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
