CNNVD-202507-2583 Information
CNNVD ID
CNNVD-202507-2583
Related CVE
- CNNVD Published: 2025-07-20
Description (Chinese)
Mbed TLS是Mbed TLS开源的一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 3.6.4之前版本存在资源管理错误漏洞,该漏洞源于释放后重用,可能导致空指针取消引用或双重释放。
Description (English)
Mbed TLS is an open source, portable, user-friendly, readable and flexible SSL library for Mbed TLS. The previous version of Mbed TLS 3.6.4 had a misdirectional resource management loophole, which stemmed from re-use after release and could lead to the cancellation of references or double release of empty fingers.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
Mbed TLS
Published
2025-07-20
Last Modified
2026-02-24
References
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md https://www.exploit-db.com/exploits/52427 https://cxsecurity.com/issue/WLB-2025120009
Patch
https://github.com/Mbed-TLS/mbedtls/releases
Share on: