QSearchQSearch

CVE-2021-3446

5.5 MEDIUM

A flaw was found in libtpms in versions before 0.8.2

Published: 2021-03-25 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.5 MEDIUM
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-327, CWE-330

Affected products

VendorProduct
fedoraprojectenterprise_linux, fedora, libtpms
libtpms_projectenterprise_linux, fedora, libtpms
redhatenterprise_linux, fedora, libtpms

Description

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-1767 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
  • CVE-2026-1766 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
  • CVE-2026-11793 A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11790 A flaw was found in 389 Directory Server (4.9 MEDIUM)
  • CVE-2026-11789 A flaw was found in 389 Directory Server (4.9 MEDIUM)

Same CWE

  • CVE-2026-9261 Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.8 MEDIUM)
  • CVE-2026-50086 The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authent... (10.0 CRITICAL)
  • CVE-2026-50009 Netty is a network application framework for development of protocol servers and clients (4.8 MEDIUM)
  • CVE-2026-45673 Netty is a network application framework for development of protocol servers and clients (6.8 MEDIUM)
  • CVE-2026-40996 Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation Reques... (4.8 MEDIUM)