JLSEC-2025-214
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-214.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-214.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/JLSEC-2025-214
- Upstream
- Published
- 2025-11-21T15:59:04.054Z
- Modified
- 2025-11-21T16:20:52.554649Z
- Summary
- Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an m...
- Details
-
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslset_session() failure.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "id": "CVE-2021-44732", "imported": "2025-11-20T23:04:00.332Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-44732", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44732", "published": "2021-12-20T08:15:06.620Z", "modified": "2025-11-03T20:15:51.403Z" } ] }- References
-
- https://bugs.gentoo.org/829660
- https://github.com/ARMmbed/mbedtls/releases
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
- https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html