A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-25T18:45:25

Updated: 2024-08-03T16:53:17.575Z

Reserved: 2021-03-16T00:00:00

Link: CVE-2021-3446

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-25T19:15:14.703

Modified: 2024-11-21T06:21:32.570

Link: CVE-2021-3446

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-01T00:00:00Z

Links: CVE-2021-3446 - Bugzilla