CVE-2024-28960
HIGH8.2EPSS 0.15%Published: 3/29/2024Modified: 12/3/2025
Also known as:ALPINE-CVE-2024-28960
Description
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
Affected packages (2)
- Alpine/mbedtlsfrom 0, < 2.28.8-r0
- Debian/mbedtlsfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |