Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls pem read buffer and two mbedtls pk parse functions, via untrusted PEM input.