Key vulnerability information

Title: Heap buffer under-read when parsing PEM-encrypted material

CVE: CVE-2025-52497

Date: 30 June 2025

Affected versions: All versions of Mbed TLS up to 3.6.3 included

Unaffected versions: Mbed TLS 3.6.4 and later 3.6 versions, upcoming releases of TF-PSA-Crypto (1.0 and later)

Impact: Denial of service, or potential information disclosure (CWE-127)

Severity: MEDIUM

Credit: Found and reported by Linh Le and Ngan Nguyen from Calif.

Vulnerability description: When parsing invalid PEM-encrypted material (with , or ), the decryption code may attempt reading 1 byte before the beginning of a heap buffer (that was allocated by the same function).

Resolution: Affected users should upgrade to Mbed TLS 3.6.4 or later - or TF PSA Crypto 1.0 or later when it is released.

Workaround: Applications are only affected if they process untrusted PEM-encrypted material (that is, if they call one of the above functions with a non-NULL password argument and untrusted PEM input). Applications built with disabled are not affected.
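The advisory describes the bug class, not the exact code path, so the following C program is an added illustration and is not Mbed TLS code. It models the shape the description gives: a function allocates a heap buffer, decrypts into it, and then inspects the last byte to strip padding; on invalid input that leaves the buffer empty, an unchecked `buf[len - 1]` is a 1-byte read before the allocation (CWE-127). The padding-strip step, the identity "decryption", the sample inputs and all function names (`strip_padding_unsafe`, `strip_padding_checked`, `process_pem_body`) are constructed assumptions for the example; the hardened version shows the length check a decoder needs before touching the last byte.

```c
/* Added example (not Mbed TLS code): a 1-byte heap under-read of the kind
 * CVE-2025-52497 describes, on a hypothetical padding-strip step, beside
 * the length check that prevents it. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical unsafe version: returns the unpadded length or -1.
 * If len == 0, buf[len - 1] indexes buf[(size_t)-1], which wraps to the
 * byte just before the heap allocation. Never call it with len == 0;
 * it is here only to show where the read happens. */
static int strip_padding_unsafe(const unsigned char *buf, size_t len)
{
    unsigned char pad = buf[len - 1];          /* under-read when len == 0 */
    if (pad == 0 || pad > len)
        return -1;
    for (size_t i = len - pad; i < len; i++)   /* every pad byte must match */
        if (buf[i] != pad)
            return -1;
    return (int)(len - pad);
}

/* Hardened version: reject an empty buffer before any byte is read. */
static int strip_padding_checked(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len == 0)               /* the missing bounds check */
        return -1;
    unsigned char pad = buf[len - 1];
    if (pad == 0 || pad > len)
        return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad)
            return -1;
    return (int)(len - pad);
}

/* Models the advisory's shape: the same function allocates the heap buffer,
 * "decrypts" into it (identity copy as a constructed stand-in), then strips
 * padding. On success *out owns the buffer and the plaintext length is
 * returned; on invalid input the buffer is freed and -1 is returned. */
static int process_pem_body(const unsigned char *in, size_t len,
                            unsigned char **out)
{
    *out = NULL;
    unsigned char *buf = malloc(len ? len : 1); /* malloc(0) is unspecified */
    if (buf == NULL)
        return -1;
    memcpy(buf, in, len);
    int n = strip_padding_checked(buf, len);
    if (n < 0) {
        free(buf);
        return -1;
    }
    *out = buf;
    return n;
}

/* Constructed sample inputs. */
static const unsigned char sample_valid[] = { 'a', 'b', 'c', 5, 5, 5, 5, 5 };
static const unsigned char sample_badpad[] = { 'a', 3, 3 };

int main(void)
{
    unsigned char *out = NULL;
    int n = process_pem_body(sample_valid, sizeof sample_valid, &out);
    printf("valid input: plaintext length %d\n", n);   /* 3 */
    free(out);
    n = process_pem_body(sample_valid, 0, &out);
    printf("empty input: %d (rejected, no under-read)\n", n); /* -1 */
    n = process_pem_body(sample_badpad, sizeof sample_badpad, &out);
    printf("bad padding: %d\n", n);                    /* -1 */
    return 0;
}
```

Running the unsafe variant on an empty buffer under AddressSanitizer reports a heap-buffer-overflow one byte below the allocation, which is the signal a fuzzing harness for a PEM decoder should be watching for; the checked variant never reaches the read.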