JLSEC-2025-215 In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow ...

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psaciphergenerateiv and psacipherencrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...

PT-2021-24238 · Mbed Tls +1 · Mbed Tls +1

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 2.28.0 Mbed TLS versions 3.x prior to 3.1.0 Description: The issue allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application, specifically...