CNNVD-202507-492 Information

CNNVD ID

CNNVD-202507-492

Related CVE

CVE-2025-49600

• CNNVD Published: 2025-07-04

Description (Chinese)

Mbed TLS是Mbed TLS开源的一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 3.6.4之前版本存在安全漏洞，该漏洞源于未检查哈希计算失败时的返回值，可能导致LMS签名伪造。

Description (English)

Mbed TLS is an open source, portable, user-friendly, readable and flexible SSL library for Mbed TLS. The previous version of Mbed TLS 3.6.4 had a security loophole, which stemmed from the failure to check the return value of Hashi ’ s calculations, which could lead to the forgery of LMS signatures.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mbed TLS

Published

2025-07-04

Last Modified

2026-02-24

References

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md

Patch

https://github.com/Mbed-TLS/mbedtls/releases