CVE-2021-45450
Summary
| CVE | CVE-2021-45450 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-12-21 07:15:00 UTC |
|---|
| Updated | 2023-11-21 16:29:00 UTC |
|---|
| Description | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Release Mbed TLS 3.1.0 · ARMmbed/mbedtls · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 37 Update: mbedtls-2.28.1-1.fc37 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Release Mbed TLS 2.28.0 · ARMmbed/mbedtls · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 36 Update: mbedtls-2.28.1-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Mbed TLS: Multiple Vulnerabilities (GLSA 202301-08) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] Fedora 37 Update: mbedtls-2.28.1-1.fc37 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: mbedtls-2.28.1-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 283264 Fedora Security Update for mbedtls (FEDORA-2022-ff582c5b0d)
- 283459 Fedora Security Update for mbedtls (FEDORA-2022-1dd9dc5140)
- 710702 Gentoo Linux Mbed Transport Layer Security (TLS) Multiple Vulnerabilities (GLSA 202301-08)
