All errata/sisyphus/ALT-PU-2025-16849-2
ALT-PU-2025-16849-2

Package update mbedtls in branch sisyphus

Version3.6.4-alt1
Task#388606
Published2026-06-07
Max severityCRITICAL
Severity:

Closed issues (8)

BDU:2025-09512
MEDIUM4.0

Уязвимость функции mbedtls_asn1_store_named_data программного обеспечения Mbed TLS, позволяющая нарушителю выполнить произвольный код

Published: 2025-08-07
CVSS 3.xMEDIUM 4.0
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
CVSS 2.0LOW 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P
References
BDU:2025-09513
HIGH8.9

Уязвимость функции mbedtls_x509_string_to_names программного обеспечения Mbed TLS, позволяющая нарушителю выполнить произвольный код

Published: 2025-08-07Modified: 2025-11-25
CVSS 3.xHIGH 8.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
CVSS 2.0HIGH 7.3
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:C/A:C
References
BDU:2025-09516
MEDIUM4.8

Уязвимость функций mbedtls_pem_read_buffer(), mbedtls_pk_parse() программного обеспечения Mbed TLS, позволяющая нарушителю вызвать отказ в обслуживании или раскрыть защищаемую информацию

Published: 2025-08-07
CVSS 3.xMEDIUM 4.8
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:P
References
BDU:2025-09517
HIGH7.8

Уязвимость функции mbedtls_aesni_has_support() программного обеспечения Mbed TLS, позволяющая нарушителю оказать воздействие на целостность и конфиденциальность защищаемой информации

Published: 2025-08-07Modified: 2025-11-25
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CVSS 2.0MEDIUM 5.6
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:N
References
CVE-2025-47917
CRITICAL9.8

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).

Published: 2025-07-20Modified: 2025-11-03
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2025-48965
HIGH7.5

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

Published: 2025-07-20Modified: 2025-11-03
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2025-52496
HIGH7.8

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

Published: 2025-07-04Modified: 2025-11-03
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
References