High severity7.5NVD Advisory· Published Apr 1, 2026· Updated Jun 5, 2026
CVE-2026-34874
CVE-2026-34874
Description
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords4 versionspkg:rpm/opensuse/mbedtls&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ovmf&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.6.6-1.1+ 3 more
- (no CPE)range: < 3.6.6-1.1
- (no CPE)range: < 202602-9.1
- (no CPE)range: < 202502-160000.5.1
- (no CPE)range: < 202502-160000.5.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.