
Debian 11: Critical Buffer Overflow Vulnerability DLA-4274-1 CVE-2025-47917

Debian LTS
August 18, 2025
Numerous security issues have been addressed in mbedtls, impacting Debian 11 bullseye. It is advisable to upgrade.
Multiple vulnerabilities have been fixed in mbedtls, a lightweight crypto and SSL/TLS library.

Summary

CVE-2025-47917

MbedTLS allows use-after-free in certain situations in correctly
developed applications.

CVE-2025-48965

The handling of val.p and val.len in mbedtls_asn1_store_named_data was
inconsistent and allowed NULL pointer dereference. The fix for this issue
depended on fixes for two related issues in the same piece of code, which
are now also fixed.

CVE-2025-52496

A race condition in AESNI detection could occur if certain compiler
optimisations were applied, making it possible to extract an AES key from
a multithreaded program or perform a GCM forgery.

CVE-2025-52497

In mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, a one-byte
heap-based buffer underflow could occur.

For Debian 11 bullseye, these problems have been fixed in version
2.16.9-0.1+deb11u2.

We recommend that you upgrade your mbedtls packages.

For the detailed security status of mbedtls please refer to
its security tracker page at:



Severity: critical

Package: mbedtls
Version: 2.16.9-0.1+deb11u2
CVE ID: CVE-2025-47917 CVE-2025-48965 CVE-2025-52496 CVE-2025-52497
