Lucene search
GoogleOSV:CVE-2021-3446HistoryMar 25, 2021 - 7:15 p.m.
CVE-2021-3446
2021-03-2519:15:14
Google
osv.dev
7
vulnerability
libtpms
openssl
symmetric ciphers
data confidentiality
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
Related
cvelist
cvelist
CVE-2021-3446
2021-03-25 18:45:25
openvas
openvas
Fedora: Security Advisory for libtpms (FEDORA-2021-8b584e5ebb)
2021-03-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0590)
2022-01-28 00:00:00
nvd
nvd
CVE-2021-3446
2021-03-25 19:15:14
redhatcve
redhatcve
CVE-2021-3446
2021-03-16 20:29:01
prion
prion
Design/Logic Flaw
2021-03-25 19:15:00
ubuntucve
ubuntucve
CVE-2021-3446
2021-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: libtpms-0.8.2-0.20210301git729fc6a4ca.fc34.1
2021-03-19 20:24:24
debiancve
debiancve
CVE-2021-3446
2021-03-25 19:15:14
cve
cve
CVE-2021-3446
2021-03-25 19:15:14
nessus
nessus
RHEL 8 : 8.3_libtpms (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : libtpms (Unpatched Vulnerability)
2024-05-11 00:00:00
mageia
mageia
Updated libtpms/swtpm packages fix security vulnerability
2021-12-30 19:41:51