Double Free
CVE-2021-44732
Summary
Mbed TLS prior to 3.1.0 has a double free in certain Out-of-Memory conditions, as demonstrated by an "mbedtls_ssl_set_session()" failure.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
References
Advisory Timeline
- Published
