Vulnerabilities > CVE-2021-44732 - Double Free vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

arm

debian

CWE-415

critical

NVD

Published: 2021-12-20

Updated: 2023-02-24

Summary

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

Vulnerable Configurations

Part	Description	Count
Application	Arm ARM Mbed TLS - ARM Mbed TLS 1.3.0 ARM Mbed TLS 1.3.1 ARM Mbed TLS 1.3.2 ARM Mbed TLS 1.3.3 ARM Mbed TLS 1.3.4 ARM Mbed TLS 1.3.5 ARM Mbed TLS 1.3.6 ARM Mbed TLS 1.3.7 ARM Mbed TLS 1.3.8 ARM Mbed TLS 1.3.9 ARM Mbed TLS 1.3.10 ARM Mbed TLS 1.3.11 ARM Mbed TLS 1.3.12 ARM Mbed TLS 1.3.13 ARM Mbed TLS 1.3.14 ARM Mbed TLS 1.3.15 ARM Mbed TLS 1.3.16 ARM Mbed TLS 1.3.17 ARM Mbed TLS 1.3.18 ARM Mbed TLS 1.3.19 ARM Mbed TLS 1.3.20 ARM Mbed TLS 1.3.21 ARM Mbed TLS 1.3.22 ARM Mbed TLS 2.0.0 ARM Mbed TLS 2.1.0 ARM Mbed TLS 2.1.1 ARM Mbed TLS 2.1.2 ARM Mbed TLS 2.1.3 ARM Mbed TLS 2.1.4 ARM Mbed TLS 2.1.5 ARM Mbed TLS 2.1.6 ARM Mbed TLS 2.1.7 ARM Mbed TLS 2.1.8 ARM Mbed TLS 2.1.9 ARM Mbed TLS 2.1.10 ARM Mbed TLS 2.1.11 ARM Mbed TLS 2.1.12 ARM Mbed TLS 2.1.13 ARM Mbed TLS 2.1.14 ARM Mbed TLS 2.1.15 ARM Mbed TLS 2.1.16 ARM Mbed TLS 2.1.17 ARM Mbed TLS 2.1.18 ARM Mbed TLS 2.2.0 ARM Mbed TLS 2.2.1 ARM Mbed TLS 2.2.2 ARM Mbed TLS 2.2.3 ARM Mbed TLS 2.3.0 ARM Mbed TLS 2.3.1 ARM Mbed TLS 2.3.2 ARM Mbed TLS 2.4.0 ARM Mbed TLS 2.4.1 ARM Mbed TLS 2.4.2 ARM Mbed TLS 2.5.0 ARM Mbed TLS 2.5.1 ARM Mbed TLS 2.6.0 ARM Mbed TLS 2.6.1 ARM Mbed TLS 2.7.0 ARM Mbed TLS 2.7.1 ARM Mbed TLS 2.7.2 ARM Mbed TLS 2.7.3 ARM Mbed TLS 2.7.4 ARM Mbed TLS 2.7.5 ARM Mbed TLS 2.7.6 ARM Mbed TLS 2.7.7 ARM Mbed TLS 2.7.8 ARM Mbed TLS 2.7.9 ARM Mbed TLS 2.7.10 ARM Mbed TLS 2.7.11 ARM Mbed TLS 2.7.12 ARM Mbed TLS 2.7.13 ARM Mbed TLS 2.7.14 ARM Mbed TLS 2.7.15 ARM Mbed TLS 2.7.16 ARM Mbed TLS 2.7.17 ARM Mbed TLS 2.7.18 ARM Mbed TLS 2.8.0 ARM Mbed TLS 2.9.0 ARM Mbed TLS 2.10.0 ARM Mbed TLS 2.11.0 ARM Mbed TLS 2.12.0 ARM Mbed TLS 2.13.0 ARM Mbed TLS 2.13.1 ARM Mbed TLS 2.14.0 ARM Mbed TLS 2.14.1 ARM Mbed TLS 2.15.0 ARM Mbed TLS 2.15.1 ARM Mbed TLS 2.16.0 ARM Mbed TLS 2.16.1 ARM Mbed TLS 2.16.2 ARM Mbed TLS 2.16.3 ARM Mbed TLS 2.16.4 ARM Mbed TLS 2.16.5 ARM Mbed TLS 2.16.6 ARM Mbed TLS 2.16.7 ARM Mbed TLS 2.16.8 ARM Mbed TLS 2.16.9 ARM Mbed TLS 2.16.10 ARM Mbed TLS 2.16.11 ARM Mbed TLS 2.17.0 ARM Mbed TLS 2.18.0 ARM Mbed TLS 2.18.1 ARM Mbed TLS 2.19.0 ARM Mbed TLS 2.19.1 ARM Mbed TLS 2.20.0 ARM Mbed TLS 2.21.0 ARM Mbed TLS 2.22.0 ARM Mbed TLS 2.23.0 ARM Mbed TLS 2.24.0 ARM Mbed TLS 2.25.0 ARM Mbed TLS 2.26.0 ARM Mbed TLS 2.27.0 ARM Mbed TLS 3.0.0	149
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References