Mbed TLS Heap-Based Buffer Underflow Vulnerability in PEM Parsing

Vulnerability

A heap-based buffer underflow has been identified in Mbed TLS versions prior to 3.6.4. The defect is in the PEM parser: 'mbedtls_pem_read_buffer', and two of the 'mbedtls_pk_parse' functions that route PEM-encoded keys through it, can access memory before the start of a heap buffer when handling untrusted PEM input, for example a key or certificate supplied by a remote peer or a user.

Impact

A crafted PEM input causes an out-of-bounds access before the start of a heap allocation. Depending on the surrounding heap layout this can crash the process (denial of service) or corrupt memory. Exploiting it requires only the ability to supply the PEM input to an affected parsing function. Remediation: upgrade to Mbed TLS 3.6.4 or later; until then, do not feed PEM data from untrusted sources to these functions.
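The following is an added example, not Mbed TLS code and not a reproduction of the exact defect fixed in 3.6.4. It is a hypothetical, self-contained PEM delimiter scanner that shows the bounds checks a parser of this kind needs: the footer is searched only after the header, every backward step over a line break is guarded against the body start, and a buffer that begins with a footer is rejected before any byte before the allocation can be touched. The sample inputs are constructed for this page and contain no real keys.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical PEM delimiter scanner written for this page. It is not Mbed TLS
 * code and does not reproduce the exact defect fixed in 3.6.4; it shows the
 * bounds checks that keep a scanner of this kind from reading before the start
 * of its buffer when the header/footer layout of untrusted input is hostile. */

enum pem_status {
    PEM_OK             =  0,
    PEM_ERR_NO_HEADER  = -1,
    PEM_ERR_NO_FOOTER  = -2,
    PEM_ERR_BAD_ORDER  = -3,   /* footer present, but only before the header */
    PEM_ERR_EMPTY_BODY = -4
};

/* Length-bounded search: never trusts the input to be NUL-terminated. */
static const char *find_in(const char *hay, size_t len, const char *needle)
{
    size_t nlen = strlen(needle);
    if (nlen == 0 || nlen > len) {
        return NULL;
    }
    for (size_t i = 0; i + nlen <= len; i++) {
        if (memcmp(hay + i, needle, nlen) == 0) {
            return hay + i;
        }
    }
    return NULL;
}

/* Locate the base64 body between `header` and `footer` inside buf[0..len).
 * On PEM_OK, *body/*body_len describe a slice of buf; nothing is copied. */
int pem_locate_body(const char *buf, size_t len,
                    const char *header, const char *footer,
                    const char **body, size_t *body_len)
{
    const char *h = find_in(buf, len, header);
    if (h == NULL) {
        return PEM_ERR_NO_HEADER;
    }
    const char *start = h + strlen(header);

    /* Look for the footer only in the bytes after the header. Searching the
     * whole buffer can return a footer that sits before the header, and a
     * length computed as end - start then wraps to a huge size_t. */
    const char *f = find_in(start, (size_t)((buf + len) - start), footer);
    if (f == NULL) {
        return find_in(buf, len, footer) ? PEM_ERR_BAD_ORDER : PEM_ERR_NO_FOOTER;
    }

    /* Consume the line break that ends the header line, without passing f. */
    if (start < f && *start == '\r') start++;
    if (start < f && *start == '\n') start++;

    /* Trim the line break that precedes the footer. Each step back is checked
     * against `start`, so the pointer can never move before the body and thus
     * never before `buf`. An unguarded f[-1] on a buffer whose footer sits at
     * offset 0 reads one byte before the allocation: a heap buffer underflow
     * of the class this advisory describes. */
    const char *end = f;
    if (end > start && end[-1] == '\n') end--;
    if (end > start && end[-1] == '\r') end--;

    if (end == start) {
        return PEM_ERR_EMPTY_BODY;
    }
    *body = start;
    *body_len = (size_t)(end - start);
    return PEM_OK;
}

/* Constructed samples (not real keys): a well-formed PEM block and three
 * hostile layouts that a careless scanner would mishandle. */
static const char *const SAMPLES[] = {
    "-----BEGIN PUBLIC KEY-----\r\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\r\n-----END PUBLIC KEY-----\r\n",
    "-----END PUBLIC KEY-----\n-----BEGIN PUBLIC KEY-----\nAAAA\n",
    "-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----\n",
    "-----END PUBLIC KEY-----",
};

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        const char *body = NULL;
        size_t body_len = 0;
        int rc = pem_locate_body(SAMPLES[i], strlen(SAMPLES[i]),
                                 "-----BEGIN PUBLIC KEY-----",
                                 "-----END PUBLIC KEY-----", &body, &body_len);
        printf("sample %zu: status %d, body length %zu\n", i, rc, body_len);
    }
    return 0;
}
```

To confirm that a build is on a fixed release, compare Mbed TLS's `MBEDTLS_VERSION_NUMBER` macro (format 0xMMNNPP00, so 3.6.4 is 0x03060400) against 0x03060400 at compile time, or print `mbedtls_version_get_string()` at runtime; anything below 3.6.4 should not be handed PEM data from an untrusted source.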

Added: Jul 4, 2025, 4:15 PM
Updated: Jul 4, 2025, 4:15 PM

Vulnerability Rating

Custom Algorithm

  metric          score
  spread          8.6
  impact          0.6
  exploitability  7.4
  remediation     0.0
  relevance       0.2
  threat          0.0
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.