CVE-2021-3505

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3505
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3505.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3505
Published
2021-04-19T21:15:13Z
Modified
2025-09-19T13:02:58.457362Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048-bit keys with ~1984-bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

Affected packages

Git / github.com/stefanberger/libtpms

Affected ranges

Type
GIT
Repo
https://github.com/stefanberger/libtpms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.5.2
v0.5.2.1
v0.6.0
v0.7.0