CVE-2024-28960
CVSS 3.1: 8.2 HIGH
EPSS: 0.15%
Description
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
How to fix CVE-2024-28960
To remediate CVE-2024-28960, upgrade the affected package to a fixed version below.
- Alpine/mbedtls: upgrade to 2.28.8-r0 or later
- Debian/mbedtls: no fix listed
Is CVE-2024-28960 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Alpine/mbedtls: from 0, < 2.28.8-r0
- Debian/mbedtls: from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |