CVE-2021-44732

Опубликовано: 20 дек. 2021

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 9.8

Описание

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	3.6.2-3ubuntu1
esm-apps/bionic	needed
esm-apps/focal	needed
esm-apps/jammy	needed
esm-apps/noble	needed
esm-apps/xenial	needed
focal	ignored	end of standard support, was needs-triage
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2021-44732

CVSS3: 9.8

nvd

около 4 лет назад

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

CVE-2021-44732

msrc

5 месяцев назад

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

CVE-2021-44732

CVSS3: 9.8

debian

около 4 лет назад

Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...

GHSA-7g56-f7p4-fmcq

CVSS3: 9.8

github

около 4 лет назад

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

BDU:2022-00710

CVSS3: 9.8

fstec

около 4 лет назад

Уязвимость функции mbedtls_ssl_set_session() реализация протоколов TLS и SSL Mbed TLS, связанная с ошибкой повторного освобождения памяти, позволяющая нарушителю выполнить произвольный код

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2021-44732

Описание

Пакет mbedtls

Ссылки на источники

Связанные уязвимости