A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1939664 | Issue Tracking Patch Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1939664 | Issue Tracking Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1939664 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2021-03-25 19:15
Updated : 2024-11-21 06:21
NVD link : CVE-2021-3446
Mitre link : CVE-2021-3446
CVE.ORG link : CVE-2021-3446
JSON object : View
Products Affected
libtpms_project
- libtpms
fedoraproject
- fedora
redhat
- enterprise_linux