CVE-2025-52497
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-11-03
Assigner: MITRE
Description
Description
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | to 3.6.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a one-byte heap-based buffer underflow in Mbed TLS versions before 3.6.4. It occurs in the PEM parsing functions (mbedtls_pem_read_buffer and two mbedtls_pk_parse functions) when processing untrusted PEM input, potentially causing memory corruption.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption due to a buffer underflow, which may cause application crashes or potentially allow an attacker to execute arbitrary code or disrupt service availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70