[Debian-iot-maintainers] Bug#1133910: mbedtls: Multiple CVEs (CVE-2025-47917, CVE-2025-48965, CVE-2025-52496)

Prasad, Ayush ayush.a.prasad at accenture.com
Wed Apr 15 17:22:24 BST 2026


Package: mbedtls
Version: 2.28.3-1

The mbedtls package in Debian bookworm appears to be affected by
multiple vulnerabilities:

  1. CVE-2025-47917: Use-after-free in mbedtls_x509_string_to_names()
     due to unexpected freeing of output parameter memory.
  2. CVE-2025-48965: NULL pointer dereference in
     mbedtls_asn1_store_named_data when val.p is NULL and val.len is
     non-zero.
  3. CVE-2025-52496: Race condition in AESNI detection which may allow
     AES key leakage or GCM forgery in multithreaded environments.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-47917
https://security-tracker.debian.org/tracker/CVE-2025-48965
https://security-tracker.debian.org/tracker/CVE-2025-52496

System details:
Debian bookworm
mbedtls version 2.28.3-1

Thanks & Regards,

Ayush Prasad
Software Prod & Plat Eng Team Lead

APP Life Sciences – Product Engineering

Advanced Technology Centres India (ATCI)
Mobile +91 9123774187
