Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-28960HistoryMar 29, 2024 - 6:15 a.m.
CVE-2024-28960
2024-03-2906:15:07
Alpine Linux Development Team
security.alpinelinux.org
12
mbed tls
mbed crypto
psa crypto api
memory mishandling
cve-2024-28960
unix
CVSS3
8.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AI Score
7.5
Confidence
High
EPSS
0
Percentile
15.5%
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | mbedtls2 | < 2.28.8-r0 | UNKNOWN |
| Alpine | edge-main | noarch | mbedtls | < 2.28.8-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | mbedtls | < 2.28.8-r0 | UNKNOWN |
| Alpine | 3.17-main | noarch | mbedtls | < 2.28.8-r0 | UNKNOWN |
| Alpine | 3.18-main | noarch | mbedtls | < 2.28.8-r0 | UNKNOWN |
| Alpine | 3.19-main | noarch | mbedtls | < 2.28.8-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | mbedtls2 | < 2.28.8-r0 | UNKNOWN |
| Alpine | 3.20-main | noarch | mbedtls | < 2.28.8-r0 | UNKNOWN |
Related
fedora
fedora
[SECURITY] Fedora 38 Update: mbedtls-2.28.8-1.fc38
2024-04-17 02:11:52
[SECURITY] Fedora 39 Update: mbedtls-2.28.8-1.fc39
2024-04-17 02:19:23
[SECURITY] Fedora 40 Update: mbedtls-2.28.8-1.fc40
2024-04-19 21:40:27
ubuntucve
ubuntucve
CVE-2024-28960
2024-03-29 00:00:00
cve
cve
CVE-2024-28960
2024-03-29 06:15:07
osv
osv
libmbedcrypto7-2.28.8-1.1 on GA media
2024-06-15 00:00:00
CVE-2024-28960
2024-03-29 06:15:07
nvd
nvd
CVE-2024-28960
2024-03-29 06:15:07
veracode
veracode
Sensitive Information Disclosure
2024-04-03 12:15:11
cvelist
cvelist
CVE-2024-28960
2024-03-29 00:00:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-a23b5f0783)
2024-05-27 00:00:00
Fedora: Security Advisory for mbedtls (FEDORA-2024-1249d56928)
2024-05-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0146)
2024-04-26 00:00:00
nessus
nessus
Fedora 38 : mbedtls (2024-1249d56928)
2024-04-17 00:00:00
Fedora 40 : mbedtls (2024-a23b5f0783)
2024-04-29 00:00:00
Fedora 39 : mbedtls (2024-666210bd74)
2024-04-17 00:00:00
redhatcve
redhatcve
CVE-2024-28960
2024-03-29 09:31:10
mageia
mageia
Updated mbedtls packages fix security vulnerability
2024-04-25 19:00:30
vulnrichment
vulnrichment
CVE-2024-28960
2024-03-29 00:00:00
debiancve
debiancve
CVE-2024-28960
2024-03-29 06:15:07
redos
redos
ROS-20240503-04
2024-05-03 00:00:00
CVSS3
8.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AI Score
7.5
Confidence
High
EPSS
0
Percentile
15.5%
Related for ALPINE:CVE-2024-28960