Data Protection Advisor: PostgreSQL False Positive Security Vulnerabilities (CVE-2021-45450, CVE-2021-45451)
Summary: Data Protection Advisor: PostgreSQL False Positive Security Vulnerabilities (CVE-2021-45450, CVE-2021-45451)
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
CVE-2021-45450, CVE-2021-45451
Issue Summary
See the 'Recommendation' section below for details on each CVE.
Details
The vulnerabilities listed in the table below are in order by the date on which Data Protection Advisor Engineering determined that the Data Protection Advisor 19.6,19.5,19.4,19.3,19.2,18.x was not vulnerable.
| Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| DPA Application DPA Datastore DPA Agent |
CVE-2021-45450 | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | The CVE is related to Mbed TLS. DPA does not bundle Mbed TLS. DPA bundles OpenSSL. | February 8, 2022 |
| DPA Application DPA Datastore DPA Agent |
CVE-2021-45451 | In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | The CVE is related to Mbed TLS. DPA does not bundle Mbed TLS. DPA bundles OpenSSL. | February 8, 2022 |
Legal Disclaimer
Article Properties
Article Number: 000198993
Article Type: Security KB
Last Modified: 13 Jun 2022
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.