nvd-json-data-feeds/CVE-2021/CVE-2021-320xx/CVE-2021-32032.json

{
  "id": "CVE-2021-32032",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-05-21T04:15:08.733",
  "lastModified": "2021-05-27T22:33:48.293",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak."
    },
    {
      "lang": "es",
      "value": "En Trusted Firmware-M hasta la versi\u00f3n 1.3.0, limpiar la memoria asignada para una operaci\u00f3n criptogr\u00e1fica de varias partes (en caso de fallo) puede impedir que la operaci\u00f3n abort() en la biblioteca criptogr\u00e1fica asociada libere recursos internos, causando un filtrado de la memoria"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:linaro:trusted_firmware-m:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.3.0",
              "matchCriteriaId": "29270B33-F1A3-45D3-ACC7-95F531D40267"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.trustedfirmware.org",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}