Key vulnerability information

Title: Out-of-bounds read in mbedtls_lms_import_public_key()

CVE: CVE-2025-49601

Date: 2025-06-30

Affected: Mbed TLS 3.3.0 through 3.6.3

Not affected: Mbed TLS 3.6.4 and later 3.6 versions, and upcoming TF-PSA-Crypto 1.0 and later versions

Severity: MEDIUM

Credits: Found and reported by Linh Le and Ngan Nguyen from Calif.

Vulnerability: An LMS public key starts with a 4-byte type indicator. The function reads this type indicator before validating the size of its input. If a public key is shorter than 4 bytes, the function performs a buffer overread of up to 4 bytes, resulting in undefined behavior. In practice this can only cause a crash and, at most, leak whether those four bytes match a fixed value. No arbitrary code execution is possible.

Impact: Denial of service and possible information disclosure of a few bytes of adjacent memory. No arbitrary code execution or large-scale memory disclosure is possible.

Resolution: Affected users should upgrade to Mbed TLS 3.6.4 or upcoming TF-PSA-Crypto 1.0 or later.

Work-around: Validate that the key provided to is at least 4 bytes long.
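The ordering defect and its fix, as an added illustration that is not Mbed TLS's own code: every name and constant below (LMS_TYPE_LEN, LMS_PUBKEY_LEN, the import functions, the tracked buffer) is a hypothetical stand-in, and the overread is made observable by reading from a deliberately larger backing array instead of triggering real undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>

/* All names and constants here are hypothetical stand-ins, not Mbed TLS's API. */
#define LMS_TYPE_LEN      4u
#define LMS_PUBKEY_LEN    56u   /* type(4) + ots type(4) + I(16) + root(32) */
#define LMS_OK            0
#define LMS_ERR_BAD_INPUT (-1)

/* Buffer that records the furthest byte read. Its backing storage is larger
 * than len, so an overread shows up as max_read > len instead of crashing. */
typedef struct { const uint8_t *mem; size_t len; size_t max_read; } tracked_buf;

static uint8_t tb_get(tracked_buf *b, size_t i) {
    if (i + 1 > b->max_read) b->max_read = i + 1;
    return b->mem[i];
}

static uint32_t read_type(tracked_buf *b) {
    return ((uint32_t)tb_get(b, 0) << 24) | ((uint32_t)tb_get(b, 1) << 16) |
           ((uint32_t)tb_get(b, 2) << 8)  |  (uint32_t)tb_get(b, 3);
}

/* Affected ordering: the type field is parsed before any length check. */
static int import_pubkey_affected(tracked_buf *key, uint32_t *type) {
    *type = read_type(key);                       /* reads 4 bytes unconditionally */
    if (key->len < LMS_PUBKEY_LEN) return LMS_ERR_BAD_INPUT;
    return LMS_OK;
}

/* Fixed ordering: reject input shorter than the type field before reading it. */
static int import_pubkey_fixed(tracked_buf *key, uint32_t *type) {
    if (key->len < LMS_TYPE_LEN) return LMS_ERR_BAD_INPUT;
    *type = read_type(key);
    if (key->len < LMS_PUBKEY_LEN) return LMS_ERR_BAD_INPUT;
    return LMS_OK;
}

typedef int (*import_fn)(tracked_buf *, uint32_t *);

/* Runs an importer on a constructed key of key_len bytes carved from a 56-byte
 * backing array (bytes past key_len stand in for adjacent memory) and returns
 * how many bytes beyond the key were read; the importer's code goes to *rc. */
static size_t overread_bytes(import_fn import, size_t key_len, int *rc) {
    static const uint8_t backing[LMS_PUBKEY_LEN] = { 0x00, 0x00, 0x00, 0x06 };
    tracked_buf b = { backing, key_len, 0 };
    uint32_t type = 0;
    int r = import(&b, &type);
    if (rc) *rc = r;
    return b.max_read > b.len ? b.max_read - b.len : 0;
}
```

With a 3-byte key the affected ordering reads one byte past the input before rejecting it, while the fixed ordering rejects it without touching memory beyond the key.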