Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mbed_tls | Arm | * | 3.6.4 (excluding) |
Mbedtls | Ubuntu | upstream | * |