PT-2026-29587 · Arm · Mbed Tls
Haruto Kimura
+1
·
Published
2026-04-01
·
Updated
2026-04-25
·
CVE-2026-34874
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mbed TLS versions through 3.6.5 and 4.0.0
Description
A flaw exists in the distinguished name parsing functionality, leading to a NULL pointer dereference. This can allow an attacker to write to address 0.
Recommendations
Update to a version later than 3.6.5.
Update to a version later than 4.0.0.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mbed Tls