Mbed TLS
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*
- < 3.6.4
A use-after-free vulnerability has been identified in Mbed TLS versions prior to 3.6.4. It affects applications that follow the documentation for the function 'mbedtls_x509_string_to_names()'. This function is supposed to treat the 'head' argument as an output pointer, but the documentation fails to mention that the function frees the memory the pointer refers to. The function inadvertently calls 'mbedtls_asn1_free_named_data_list()', which performs a deep free of the data. Consequently, application code that relies on the documented behavior may still reference the now-freed memory, leading to a high risk of use-after-free or double-free errors. In particular, the vulnerability is present in the sample programs 'x509/cert_write' and 'x509/cert_req' when the 'san' string contains more than one DN.
Exploitation of this vulnerability can lead to a use-after-free condition, which may allow arbitrary code execution or cause a denial of service.
To reproduce this vulnerability, use Mbed TLS versions prior to 3.6.4 and run the sample programs 'x509/cert_write' or 'x509/cert_req'. Ensure that the 'san' string contains more than one DN. This will trigger the use-after-free condition by causing the 'mbedtls_x509_string_to_names()' function to free memory that the application code still references.
Users can upgrade to Mbed TLS version 3.6.4 or later to address this vulnerability.
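The ownership behaviour described above, as a self-contained C model added here for illustration (it is not Mbed TLS code and does not link against the library). 'string_to_names_model()', 'free_list()', 'nodes_freed_on_reuse()', 'parse_dns_safely()' and the DN strings are hypothetical names and constructed values; the model assumes only what the description states, namely that the list behind 'head' is deep-freed by the call.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for mbedtls_asn1_named_data and the deep free done by
 * mbedtls_asn1_free_named_data_list(): a model, not library code. */
typedef struct named_data { char *val; struct named_data *next; } named_data;
static int nodes_freed = 0; /* deep-freed nodes, counted for the demonstration */
static void free_list(named_data **head) {
    for (named_data *cur; (cur = *head) != NULL; nodes_freed++) {
        *head = cur->next;
        free(cur->val);
        free(cur);
    }
}

/* Hypothetical model of the behaviour described above: *head is freed first. */
static int string_to_names_model(named_data **head, const char *name) {
    free_list(head); /* pointers saved from the old list are stale after this */
    named_data *n = calloc(1, sizeof(*n));
    if (n == NULL || (n->val = malloc(strlen(name) + 1)) == NULL) { free(n); return -1; }
    strcpy(n->val, name);
    *head = n;
    return 0;
}

/* Reusing one head (constructed DNs): nodes deep-freed by the second call. */
int nodes_freed_on_reuse(void) {
    named_data *head = NULL;
    if (string_to_names_model(&head, "CN=first.example") != 0) return -1;
    int before = nodes_freed;
    if (string_to_names_model(&head, "CN=second.example") != 0) return -1;
    int freed = nodes_freed - before;
    free_list(&head);
    return freed;
}

/* Defensive caller: one NULL head per DN; returns how many lists stay intact. */
int parse_dns_safely(const char *const *dns, size_t count) {
    int intact = 0;
    named_data **heads = calloc(count, sizeof(*heads)); /* every head NULL */
    if (heads == NULL) return -1;
    for (size_t i = 0; i < count; i++)
        if (string_to_names_model(&heads[i], dns[i]) != 0) break;
    for (size_t i = 0; i < count; i++) {
        if (heads[i] != NULL && strcmp(heads[i]->val, dns[i]) == 0) intact++;
        free_list(&heads[i]);
    }
    free(heads);
    return intact;
}
```

Building a caller like this with AddressSanitizer ('-fsanitize=address') is a quick way to confirm that no pointer into an earlier list survives a later call.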