CVE-2026-34874

Published: Apr 01, 2026 Last Modified: Apr 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

476

NULL Pointer Dereference

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: C, C#, C++, Go, Java
Likelihood of Exploit: Medium
View CWE Details
https://mbed-tls.readthedocs.io/en/latest/security-advisori…
https://mbed-tls.readthedocs.io/en/latest/security-advisories/
https://mbed-tls.readthedocs.io/en/latest/security-advisori…
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-…