CVE-2025-48965

Description

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

PUBLISHED Reserved 2025-05-29 | Published 2025-07-20 | Updated 2025-11-03 | Assigner mitre

Problem types

CWE-696 Incorrect Behavior Order

Product status

References

lists.debian.org/debian-lts-announce/2025/08/msg00013.html

mbed-tls.readthedocs.io/...tech-updates/security-advisories/

github.com/...isories/mbedtls-security-advisory-2025-06-6.md

cve.org (CVE-2025-48965)

nvd.nist.gov (CVE-2025-48965)

Download JSON