What is GHSA-97vf-2gx4-2rfm?

GHSA-97vf-2gx4-2rfm is a security advisory published by GitHub Security Advisories with High severity. In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt...

Which CVE IDs does GHSA-97vf-2gx4-2rfm cover?

GHSA-97vf-2gx4-2rfm covers the following CVE IDs: CVE-2021-45450. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-97vf-2gx4-2rfm?

GHSA-97vf-2gx4-2rfm has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-97vf-2gx4-2rfmHighCVSS 7.5

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt...

Vendor

GitHub Security Advisories

Published

December 22, 2021

Last Modified

June 5, 2026

🔗 CVE IDs covered (1)

CVE-2021-45450 →

📋 Description

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2021-45450
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0
https://security.gentoo.org/glsa/202301-08
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TALJHOYAYSUJTLN6BYGLO4YJGNZUY74W
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TALJHOYAYSUJTLN6BYGLO4YJGNZUY74W
https://github.com/advisories/GHSA-97vf-2gx4-2rfm