PT-2021-20531 · Openssl+1

Guilherme De Almeida Suckevicz · Published 2021-03-25 · Updated 2022-10-27 · CVE-2021-3446

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: libtpms versions prior to 0.8.2
Description: A flaw in libtpms, specifically in its integration with OpenSSL, relates to the handling of the initialization vector (IV) when using certain symmetric ciphers. The issue causes the return of the initial IV instead of the last IV to the caller, which weakens subsequent encryption and decryption steps. This primarily threatens data confidentiality.
Recommendations: For versions prior to 0.8.2, update to version 0.8.2 or later to resolve the issue.
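
The effect described above, as an added example (not libtpms or OpenSSL code): a caller encrypts data in chunks and feeds each call's returned IV into the next call. CFB mode, the HMAC-based stand-in for the block cipher, and all names and sample data are assumptions made for illustration; the page does not name the affected modes.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

def block_fn(key: bytes, block: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the block
    # cipher's forward function (CFB never needs the inverse direction).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key: bytes, iv: bytes, data: bytes, buggy: bool = False):
    """Encrypt whole blocks in CFB mode and return (ciphertext, iv_out).

    Correct behaviour hands back the last ciphertext block as iv_out.
    buggy=True models the flaw: the caller gets the initial IV back.
    """
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size")
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        prev = xor(data[i:i + BLOCK], block_fn(key, prev))
        out += prev
    return out, (iv if buggy else prev)

def encrypt_stream(key: bytes, iv: bytes, chunks, buggy: bool = False):
    """Caller that chains calls by reusing each returned IV."""
    out = []
    for chunk in chunks:
        ct, iv = cfb_encrypt(key, iv, chunk, buggy)
        out.append(ct)
    return out

def first_blocks_leak(cts, pts) -> bool:
    """True if XOR of the chunks' first ciphertext blocks equals the XOR of
    their first plaintext blocks, i.e. both used the same keystream block."""
    return xor(cts[0][:BLOCK], cts[1][:BLOCK]) == xor(pts[0][:BLOCK], pts[1][:BLOCK])

# Constructed sample key, IV and plaintext chunks.
KEY, IV = bytes(range(16)), bytes(16)
CHUNKS = [b"chunk-one-block0chunk-one-block1", b"chunk-two-block0chunk-two-block1"]

if __name__ == "__main__":
    for buggy in (False, True):
        cts = encrypt_stream(KEY, IV, CHUNKS, buggy)
        one_shot = cfb_encrypt(KEY, IV, b"".join(CHUNKS))[0]
        print(f"buggy={buggy} matches_one_shot={b''.join(cts) == one_shot} "
              f"keystream_reused={first_blocks_leak(cts, CHUNKS)}")
```

With the correct IV handling the chunked output equals a one-shot encryption; with the initial IV returned, every chunk starts from the same IV, so the output no longer interoperates with a correct implementation and the first blocks share keystream.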

Fix

Use of Insufficiently Random Values

Use of a Broken Cryptographic Algorithm


Weakness Enumeration

Related Identifiers

CVE-2021-3446
MGASA-2021-0590
OPENSUSE-SU-2024:11004-1

Affected Products

Openssl
Libtpms