CVE-2024-28960
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-28960
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28960.json
- Published
- 2024-03-29T06:15:07Z
- Modified
- 2024-04-20T02:05:37.102631Z
- Details
-
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
- References
-
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/
Affected packages
Alpine:v3.16 / mbedtls
Package
- Name
- mbedtls
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed2.28.8-r0
Affected versions
2.*
2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r1
2.28.1-r1
2.28.2-r1
2.28.3-r1
2.28.4-r1
2.28.5-r1
2.28.7-r1
Alpine:v3.17 / mbedtls
Package
- Name
- mbedtls
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed2.28.8-r0
Affected versions
2.*
2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r1
2.28.1-r1
2.28.2-r1
2.28.3-r1
2.28.4-r1
2.28.5-r1
2.28.7-r1
Alpine:v3.18 / mbedtls
Package
- Name
- mbedtls
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed2.28.8-r0
Affected versions
2.*
2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.1-r1
2.28.2-r0
2.28.3-r0
2.28.3-r1
2.28.4-r1
2.28.5-r1
2.28.7-r1
Alpine:v3.19 / mbedtls
Package
- Name
- mbedtls
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed2.28.8-r0
Affected versions
2.*
2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.1-r1
2.28.2-r0
2.28.3-r0
2.28.3-r1
2.28.3-r2
2.28.3-r3
2.28.4-r3
2.28.5-r3
2.28.6-r3
2.28.7-r3