Published: 25/03/2021 Updated: 27/10/2022

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

A flaw was found in libtpms in versions prior to 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtpms project libtpms
redhat enterprise linux 8.0
fedoraproject fedora 33

Debian Bug report logs - #986799 CVE-2021-3446 Package: src:libtpms; Maintainer for src:libtpms is Seunghun Han <kkamagui@gmailcom>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 12 Apr 2021 09:45:02 UTC Severity: grave Tags: patch, security, upstream Found in version libtpms/080~dev1-12 Reply ...

No description is available for this CVE ...

The commonly used integration of libtpms before version 082 with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used Instead of returning the last IV it returned the initial IV to the caller The fix for this required the copying of the last-used IV from OpenSSL so it can ...

CWE-330 https://bugzilla.redhat.com/show_bug.cgi?id=1939664 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986799 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-3446

CVE-2021-3446

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect