CVE-2026-34874
EUVD-2026-1800301.04.2026, 19:16
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| trustedfirmware | mbed_tls | 3.5.0 ≤ 𝑥 < 3.6.6 |
| trustedfirmware | mbed_tls | 4.0.0 |
𝑥
= Vulnerable software versions
openSUSE / SLES Releases
openSUSE Product | |||||
|---|---|---|---|---|---|
| ovmf-202408 |
| ||||
| ovmf-tools-202408 |
| ||||
| qemu-ovmf-x86_64-202408 |
| ||||
| qemu-uefi-aarch64-202408 |
|
Common Weakness Enumeration