CVE-2026-34874NULL Pointer Dereference in ARM Mbed TLS

CWE-476NULL Pointer Dereference9 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 77.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ARM Mbed TLS
Timeline
PublishedApr 1
Latest updateApr 2

Description

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDarm/mbed_tls3.5.03.6.6+1

🔴Vulnerability Details

4
OSV
CVE-2026-34874: (An issue was discovered in Mbed TLS through 32026-04-02
GHSA
GHSA-5jpv-5p2x-4fwv: An issue was discovered in Mbed TLS through 32026-04-01
CVEList
CVE-2026-34874: An issue was discovered in Mbed TLS through 32026-04-01
OSV
CVE-2026-34874: An issue was discovered in Mbed TLS through 32026-04-01

📋Vendor Advisories

1
Debian
CVE-2026-34874: mbedtls - An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There i...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-34874 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-34874 micropython: NULL pointer dereference when setting a distinguished name [fedora-all]2026-04-01
Bugzilla
CVE-2026-34874 mbedtls: NULL pointer dereference when setting a distinguished name [fedora-all]2026-04-01
CVE-2026-34874 — NULL Pointer Dereference in ARM | cvebase