Lucene search

MitreCVELIST:CVE-2021-45450

HistoryDec 21, 2021 - 12:00 a.m.

CVE-2021-45450

2021-12-2100:00:00

mitre

www.cve.org

mbed tls

vulnerability

policy bypass

oracle-based decryption

untrusted application

AI Score

7.9

Confidence

High

EPSS

0.002

Percentile

57.9%

JSON

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

References

github.com/ARMmbed/mbedtls/releases/tag/v2.28.0

github.com/ARMmbed/mbedtls/releases/tag/v3.1.0

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TALJHOYAYSUJTLN6BYGLO4YJGNZUY74W/

security.gentoo.org/glsa/202301-08