CNNVD-202507-497 Information

CNNVD ID

CNNVD-202507-497

CVE-2025-49601

  • CNNVD Published: 2025-07-04

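Description (translated from Chinese)

Mbed TLS is an open-source, portable, easy-to-use, readable and flexible SSL library from Mbed TLS. Versions of Mbed TLS before 3.6.4 contain a buffer error vulnerability, which stems from a failure to check the input buffer size and may lead to an out-of-bounds read.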

Description (English)

Mbed TLS is an open source, portable, easy-to-use, readable and flexible SSL library from Mbed TLS. Mbed TLS versions before 3.6.4 have a buffer error vulnerability caused by a failure to check the size of an input buffer, which could lead to an out-of-bounds read.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

Mbed TLS

Published

2025-07-04

Last Modified

2026-02-24

References

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md

Patch

https://github.com/Mbed-TLS/mbedtls/releases
