CVE-2025-52497 Information

Description

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions via untrusted PEM input.

Reference

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

Related CNNVD

CNNVD-202507-500 (Published: 2025-07-04)