Vulnerability Key Information Summary

Vulnerability Overview

Vulnerability Details: An attacker can cause a memory allocation failure during the execution of , resulting in a call with a null pointer as the destination address.

This function can also be called indirectly through the following functions:

Affected Scope

Impact Notes:

- On platforms with memory protection: May cause a segmentation fault
- On microcontrollers: May write data to the interrupt vector at address 0, thereby enabling arbitrary code execution

Remediation Solutions

1. Temporary Mitigation Measures

Ensure that Mbed TLS has sufficient memory when calling so that does not fail. On systems with memory protection where address 0 is not writable, this vulnerability will result in a segmentation fault or memory protection error, causing only denial of service (DoS) rather than arbitrary code execution.

2. Official Fix

Upgrade to Mbed TLS 3.6.6 or 4.1.0

3. Fix Commits (for maintenance branches)

> Note: The Mbed TLS development team only maintains official branches. These commits may not apply to older versions, and even if applicable, may not provide a complete fix.