CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-45451
https://notcve.org/view.php?id=CVE-2021-45451
21 Dec 2021 — In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. En Mbed TLS versiones anteriores a 3.1.0, la función psa_aead_generate_nonce permite omitir la política o el descifrado basado en oráculos cuando el búfer de salida es encontrada en ubicaciones de memoria accesibles para una aplicación no confiable • https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-44732 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2021-44732
20 Dec 2021 — Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. Mbed TLS versiones anteriores a 3.0.1,presenta una doble liberación en determinadas condiciones de salida de memoria, como es demostrado por un fallo de la función mbedtls_ssl_set_session() Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected. • https://bugs.gentoo.org/829660 • CWE-415: Double Free •