An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
[
{
"cpes": [
"cpe:2.3:a:mbed:mbedtls:2.18.0:*:*:*:*:*:*:*"
],
"vendor": "mbed",
"product": "mbedtls",
"versions": [
{
"status": "affected",
"version": "2.18.0",
"lessThan": "2.28.8",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:mbed:mbedtls:*:*:*:*:*:*:*:*"
],
"vendor": "mbed",
"product": "mbedtls",
"versions": [
{
"status": "affected",
"version": "3.x",
"lessThan": "3.6.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:mbed:mbedcrypto:*:*:*:*:*:*:*:*"
],
"vendor": "mbed",
"product": "mbedcrypto",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]
github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/
mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/