Home > Vulnerability Database > CVE-2024-28960

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-28960

Good to know:

Date: March 28, 2024

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

Language: C

Severity Score

5.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-28960

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/

Url: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/

Url: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

Url: https://www.mend.io/vulnerability-database/CVE-2024-28960

Severity Score

5.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v2.28.8,v3.6.0

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Do you need more information?

Contact Us