CVE-2024-28960

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28960
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28960.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28960
Downstream
Related
Published
2024-03-29T06:15:07.270Z
Modified
2025-12-11T02:05:19.726615Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

References

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/armmbed/mbedtls
Events
Introduced
fbb9837ad56e327f22c6b155e7b2fce796723e33
Fixed
5a764e5555c64337ed17444410269ff21cb617b1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28960.json"

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b
Fixed
2ca6c285a0dd3f33982dd57299012dacab1ff206

Affected versions

mbedtls-3.*

mbedtls-3.0.0
mbedtls-3.1.0
mbedtls-3.2.0
mbedtls-3.2.1
mbedtls-3.3.0
mbedtls-3.4.0
mbedtls-3.4.1
mbedtls-3.5.0
mbedtls-3.5.1
mbedtls-3.5.2

v3.*

v3.0.0
v3.1.0
v3.2.0
v3.2.1
v3.3.0
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.5.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28960.json"