Description
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Published: 2026-04-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Memory Write
Action: Patch Now
AI Analysis

Impact

A NULL pointer dereference occurs while parsing a distinguished name in Mbed TLS up to version 3.6.5 and 4.x through 4.0.0. The flaw allows an attacker to inject a write to memory address zero, potentially corrupting program state. An attacker could then cause corruption of data structures, unintentionally influence program flow, or cause crashes, leading to loss of integrity or availability of any process using the library.

Affected Systems

ARM Mbed TLS library versions 3.6.5 and all 4.x releases up to 4.0.0 are affected. Any application linking to these releases and performing certificate parsing is at risk. The flaw is not present in versions newer than 4.0.0.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity while the EPSS score of less than 1% suggests a low current exploitation likelihood. The vulnerability is not included in the CISA KEV catalog. Based on the description, the likely attack vector involves an attacker supplying a malformed Distinguished Name or certificate to a vulnerable application, triggering the null pointer dereference and producing a memory write.

Generated by OpenCVE AI on April 3, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mbed TLS to a version newer than 4.0.0, such as 4.0.1 or later.
  • Verify that the updated library is deployed on all affected systems.
  • If upgrading is temporarily unfeasible, validate certificate inputs and restrict processing of untrusted or malformed distinguished names.
  • Regularly check the vendor website or security advisories for further updates or patches.

Generated by OpenCVE AI on April 3, 2026 at 23:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title NULL Pointer Dereference Allowing Arbitrary Memory Write in Mbed TLS

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Arm
Arm mbed Tls
CPEs cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:4.0.0:*:*:*:*:*:*:*
Vendors & Products Arm
Arm mbed Tls

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Mbed-tls
Mbed-tls mbedtls
Vendors & Products Mbed-tls
Mbed-tls mbedtls

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title NULL Pointer Dereference Allowing Arbitrary Memory Write in Mbed TLS

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Arm Mbed Tls
Mbed-tls Mbedtls
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T19:24:08.049Z

Reserved: 2026-03-31T00:00:00.000Z

Link: CVE-2026-34874

cve-icon Vulnrichment

Updated: 2026-04-01T19:24:03.915Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T19:16:33.390

Modified: 2026-04-03T20:06:34.877

Link: CVE-2026-34874

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:07:40Z

Weaknesses