CVE-2021-45451

Опубликовано: 21 дек. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	3.6.2-3ubuntu1
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/noble	not-affected	code not present
esm-apps/xenial	not-affected	code not present
focal	ignored	end of standard support, was needs-triage
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%

0.00143

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-45451

CVSS3: 7.5

nvd

около 4 лет назад

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

CVE-2021-45451

CVSS3: 7.5

debian

около 4 лет назад

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...

GHSA-2grh-pj67-4p6p

CVSS3: 7.5

github

около 4 лет назад

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

EPSS

Процентиль: 35%

0.00143

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2021-45451

Описание

Пакет mbedtls

Ссылки на источники

Связанные уязвимости