VDB
CVE-2024-28960
CVE-2024-28960
PUBLISHED
CVSS 8.199999809265137 HIGH
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
EPSS 0.15% · 35.3th percentile
Risk Scores
CVSS v3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score
0.15%
35.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| arm | mbed_tls | 2.1.8, 3.0.0 |
| mbed | mbedcrypto | * |
| n/a | n/a | n/a |
| fedoraproject | fedora | 38, 39, 40 |
| mbed | mbedtls | 3.x, 2.18.0 |
| arm | mbed_crypto | 0 |
Timeline
- Mar 29, 2024 CVE Published
- Mar 29, 2024 EPSS Score
- Apr 23, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 10, 2024 EPSS Score
- Aug 4, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
- Sep 24, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Nov 14, 2024 EPSS Score
- Dec 11, 2024 EPSS Score
References
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ url
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md url
- FEDORA-2024-666210bd74 vendor-advisory
- FEDORA-2024-1249d56928 vendor-advisory
- FEDORA-2024-a23b5f0783 vendor-advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-28960 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6 url
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories url