CVE-2025-49601

NameCVE-2025-49601
DescriptionIn MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1108788

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mbedtls (PTS)bullseye2.16.9-0.1fixed
bullseye (security)2.16.9-0.1+deb11u1fixed
bookworm2.28.3-1fixed
trixie3.6.3-1vulnerable
sid3.6.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mbedtlssourcebullseye(not affected)
mbedtlssourcebookworm(not affected)
mbedtlssource(unstable)3.6.4-11108788

Notes

[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md
Search for package or bug name: Reporting problems