DEBIAN-CVE-2021-3505

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-3505

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3505.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-3505

Upstream

CVE-2021-3505

Published

2021-04-19T21:15:13Z

Modified

2025-09-19T06:15:28Z

Summary

[none]

Details

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

References

https://security-tracker.debian.org/tracker/CVE-2021-3505

Affected packages

Debian:12 / libtpms

Package

Name: libtpms
Purl: pkg:deb/debian/libtpms?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0~dev1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libtpms

Package

Name: libtpms
Purl: pkg:deb/debian/libtpms?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0~dev1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libtpms

Package

Name: libtpms
Purl: pkg:deb/debian/libtpms?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.0~dev1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}