A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1939664 | Issue Tracking Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-03-25 19:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-3446
Mitre link : CVE-2021-3446
CVE.ORG link : CVE-2021-3446
JSON object : View
Products Affected
libtpms_project
- libtpms
redhat
- enterprise_linux
fedoraproject
- fedora