Vulnerabilities > CVE-2021-44732 - Double Free vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
arm
debian
CWE-415
critical

Summary

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

Vulnerable Configurations

Part Description Count
Application
Arm
149
OS
Debian
1

Common Weakness Enumeration (CWE)