CVE-2021-45450

🗓️ 21 Dec 2021 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 81 Views

Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Reporter	Title	Published	Views	Family All 38
Circl	CVE-2021-45450	21 Dec 202112:22	–	circl
CNNVD	ARM mbed TLS加密问题漏洞	21 Dec 202100:00	–	cnnvd
Cvelist	CVE-2021-45450	21 Dec 202100:00	–	cvelist
Debian CVE	CVE-2021-45450	21 Dec 202100:00	–	debiancve
EUVD	EUVD-2021-32221	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 36 Update: mbedtls-2.28.1-1.fc36	30 Oct 202221:00	–	fedora
Fedora	[SECURITY] Fedora 37 Update: mbedtls-2.28.1-1.fc37	10 Nov 202222:50	–	fedora
Tenable Nessus	Fedora 37 : mbedtls (2022-1dd9dc5140)	15 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 36 : mbedtls (2022-ff582c5b0d)	22 Dec 202200:00	–	nessus
Tenable Nessus	GLSA-202301-08 : Mbed TLS: Multiple Vulnerabilities	11 Jan 202300:00	–	nessus

NVD

Node

trustedfirmware mbed_tlsRange2.22.0–2.28.0

trustedfirmware mbed_tlsMatch3.0.0

Node

fedoraproject fedoraMatch36

fedoraproject fedoraMatch37

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5/
security	www.security.gentoo.org/glsa/202301-08
github	www.github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
github	www.github.com/ARMmbed/mbedtls/releases/tag/v3.1.0
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TALJHOYAYSUJTLN6BYGLO4YJGNZUY74W/

05 Jun 2026 19:38Current

7.5High risk

Vulners AI Score7.5

CVSS 25

CVSS 3.17.5

EPSS0.00111

CWE-327