CVE-2024-28960

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-28960

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28960.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-28960

Downstream

ALPINE-CVE-2024-28960

DEBIAN-CVE-2024-28960

JLSEC-2025-225

UBUNTU-CVE-2024-28960

openSUSE-SU-2024:13813-1

Related

Published

2024-03-29T06:15:07.270Z

Modified

2025-12-05T21:14:22.416143Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

References

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type: GIT
Repo: https://github.com/armmbed/mbedtls
Events: Introduced

fbb9837ad56e327f22c6b155e7b2fce796723e33

Fixed

5a764e5555c64337ed17444410269ff21cb617b1

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type: GIT
Repo: https://github.com/mbed-tls/mbedtls
Events: Introduced

8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b

Fixed

2ca6c285a0dd3f33982dd57299012dacab1ff206

Affected versions

mbedtls-3.*

mbedtls-3.0.0

mbedtls-3.1.0

mbedtls-3.2.0

mbedtls-3.2.1

mbedtls-3.3.0

mbedtls-3.4.0

mbedtls-3.4.1

mbedtls-3.5.0

mbedtls-3.5.1

mbedtls-3.5.2

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.2.1

v3.3.0

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.5.2