CVE-2021-3505

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3505

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3505.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3505

Related

Published

2021-04-19T21:15:13Z

Modified

2025-01-14T09:20:17.539422Z

Downstream

openSUSE-SU-2024:11004-1

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

References

Affected packages

Debian:12 / libtpms

Package

Name: libtpms
Purl: pkg:deb/debian/libtpms?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0~dev1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libtpms

Package

Name: libtpms
Purl: pkg:deb/debian/libtpms?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0~dev1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/stefanberger/libtpms

Affected ranges

Type: GIT
Repo: https://github.com/stefanberger/libtpms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3fd4b94903061e156e64dc6a738237df2aebba09

Affected versions

v0.*

v0.5.2

v0.5.2.1

v0.6.0

v0.7.0