PT-2021-6077 · Mbed Tls+5

Published: 2021-12-18 · Updated: 2026-06-05 · CVE-2021-44732

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 3.0.1

Description: The issue is a double free error that occurs in certain out-of-memory conditions, as demonstrated by a failure of the mbedtls_ssl_set_session() function. This error can potentially allow a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mbedtls_ssl_set_session() function until a patch is available.

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3553
ALT-PU-2022-2561
ALT-PU-2025-10462
BDU:2022-00710
CVE-2021-44732
DLA-3249-1
DLA-4236-1
MGASA-2022-0017
USN-8123-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Mbed Tls
Ubuntu