Mbed TLS NULL Pointer Dereference Vulnerability in ASN.1 Data Storage

Vulnerability

A NULL pointer dereference vulnerability has been identified in Mbed TLS versions prior to 3.6.4. The issue arises in the `mbedtls_asn1_store_named_data` function, which can end up handling conflicting data: the length parameter indicates that data is present, yet the pointer is NULL, and that NULL pointer is then dereferenced.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, which can cause a program crash or undefined behavior.
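
A consumer-side guard for the conflicting state described above, as an added example that is not Mbed TLS code and not part of the original advisory. The `demo_*` types and functions are hypothetical stand-ins for a pointer-plus-length named-data list; the check turns "length set, pointer NULL" into an error code instead of a crash.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in types for illustration only (assumed shape, not Mbed TLS headers). */
typedef struct { unsigned char *p; size_t len; } demo_buf;
typedef struct demo_named {
    demo_buf oid, val;
    struct demo_named *next;
} demo_named;

enum { DEMO_OK = 0, DEMO_ERR_INCONSISTENT = -1, DEMO_ERR_TOO_SMALL = -2 };

/* A buffer is consistent unless it claims data (len > 0) with no storage. */
static int demo_buf_ok(const demo_buf *b)
{
    return !(b->p == NULL && b->len > 0);
}

/* Return the index of the first entry whose oid or val is inconsistent,
 * or -1 when every entry in the list is safe to read. */
int demo_first_bad_entry(const demo_named *head)
{
    int i = 0;
    for (const demo_named *cur = head; cur != NULL; cur = cur->next, i++) {
        if (!demo_buf_ok(&cur->oid) || !demo_buf_ok(&cur->val))
            return i;
    }
    return -1;
}

/* Copy an entry's value only after checking that pointer and length agree,
 * and that the caller's output buffer is large enough. */
int demo_copy_val(const demo_named *e, unsigned char *out, size_t cap, size_t *n)
{
    if (!demo_buf_ok(&e->val))
        return DEMO_ERR_INCONSISTENT;
    if (e->val.len > cap)
        return DEMO_ERR_TOO_SMALL;
    if (e->val.len > 0)
        memcpy(out, e->val.p, e->val.len);
    *n = e->val.len;
    return DEMO_OK;
}
```

A guard like this only contains the symptom in calling code; the page identifies versions prior to 3.6.4 as the affected ones.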

Added: Jul 20, 2025, 6:16 PM
Updated: Jul 20, 2025, 6:16 PM

Vulnerability Rating

Custom Algorithm

spread: 8.6
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.