| Minos Galanakis | 9314555 | 2025-09-09 18:54:52 +0100 | [diff] [blame] | 1 | Security |
| 2 | * Fix a bug in mbedtls_x509_string_to_names() and the |
| 3 | mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, |
| 4 | where some inputs would cause an inconsistent state to be reached, causing |
| 5 | a NULL dereference either in the function itself, or in subsequent |
| 6 | users of the output structure, such as mbedtls_x509_write_names(). This |
| 7 | only affects applications that create (as opposed to consume) X.509 |
| 8 | certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. |
| Minos Galanakis | cc3f987 | 2025-09-29 10:58:51 +0100 | [diff] [blame] | 9 | CVE-2025-48965 |
| 10 | |