Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Arm |
|
| Debian |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-3249-1 | mbedtls security update |
| Debian DLA |
DLA-4236-1 | mbedtls security update |
 EUVD |
EUVD-2021-31547 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 03 Nov 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-11-03T19:26:32.887Z
Reserved: 2021-12-08T00:00:00.000Z
Link: CVE-2021-44732
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-12-20T08:15:06.620
Modified: 2025-11-03T20:15:51.403
Link: CVE-2021-44732
Redhat
No data.
OpenCVE Enrichment
No data.