CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-45450

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-45450

Trustedfirmware » Mbed Tls » Version: 2.22.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.22.0
Trustedfirmware » Mbed Tls » Version: 2.23.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.23.0
Trustedfirmware » Mbed Tls » Version: 2.24.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.24.0
Trustedfirmware » Mbed Tls » Version: 2.25.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.25.0
Trustedfirmware » Mbed Tls » Version: 2.26.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.26.0
Trustedfirmware » Mbed Tls » Version: 2.27.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.27.0
Trustedfirmware » Mbed Tls » Version: 3.0.0

cpe:2.3:a:trustedfirmware:mbed_tls:3.0.0
Fedoraproject » Fedora » Version: 36

cpe:2.3:o:fedoraproject:fedora:36
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-45450

Products

Pricing

Contact Us