# Heap buffer under-read when parsing PEM-encrypted material

**Title** | Heap buffer under-read when parsing PEM-encrypted material
--------- | ----------------------------------------------------------
**CVE** | CVE-2025-52497
**Date** | 30 June 2025
**Affects** | All versions of Mbed TLS up to 3.6.3 included
**Not affected** | Mbed TLS 3.6.4 and later 3.6 versions, upcoming releases of TF-PSA-Crypto (1.0 and later)
**Impact** | Denial of service, or potential information disclosure (CWE-127)
**Severity** | MEDIUM
**Credits** | Found and reported by Linh Le and Ngan Nguyen from Calif.

## Vulnerability

When parsing invalid PEM-encrypted material (with `mbedtls_pk_parse_key()`, `mbedtls_pk_parse_keyfile()` or `mbedtls_pem_read_buffer()`), the decryption code may attempt reading 1 byte before the beginning of a heap buffer (that was allocated by the same function).

## Impact

This will typically result in a Denial of Service, or limited information disclosure.

## Affected versions

All versions of Mbed TLS up to 3.6.3 are affected.

## Resolution

Affected users should upgrade to Mbed TLS 3.6.4 or later - or TF PSA Crypto 1.0 or later when it is released.

## Work-around

Applications are only affected if they process untrusted PEM-encrypted material (that is, if they call one of the above functions with a non-NULL password argument and untrusted PEM input).

Applications built with `MBEDTLS_PEM_C` disabled are not affected.
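The Vulnerability section above describes the bug class only in one sentence: post-processing of decrypted PEM data reads one byte before a heap buffer that the same function allocated. The following C program is an added, constructed illustration of that class (CWE-127); it is not Mbed TLS code and does not reproduce the actual defective routine. It assumes a hypothetical padding-stripping step that indexes `buf[len - 1]`, which becomes `buf[-1]` when the decrypted length is zero, and shows the length check that prevents the under-read.

```c
/* Constructed illustration of a CWE-127 heap under-read and its fix.
 * Not Mbed TLS code: the padding-stripping step and all names here
 * are assumptions made for teaching purposes only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 16

/* Vulnerable shape: assumes len >= 1 and reads buf[len - 1] first.
 * When a malformed input yields an empty decryption result, len == 0
 * and the read lands one byte before the heap allocation. */
static int strip_padding_unchecked(const unsigned char *buf, size_t len,
                                   size_t *out_len)
{
    unsigned char pad = buf[len - 1];           /* len == 0 -> buf[-1] */
    if (pad == 0 || pad > BLOCK_SIZE || pad > len) {
        return -1;                              /* too late: read already happened */
    }
    *out_len = len - pad;
    return 0;
}

/* Hardened shape: reject NULL or empty buffers before touching memory,
 * then validate every padding byte. */
static int strip_padding_checked(const unsigned char *buf, size_t len,
                                 size_t *out_len)
{
    if (buf == NULL || len == 0) {
        return -1;                              /* nothing to index safely */
    }
    unsigned char pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK_SIZE || pad > len) {
        return -1;
    }
    for (size_t i = len - pad; i < len; i++) {  /* all pad bytes must match */
        if (buf[i] != pad) {
            return -1;
        }
    }
    *out_len = len - pad;
    return 0;
}

/* Mimics the advisory's scenario: the parser allocates the buffer it
 * later post-processes. Copies `len` bytes of constructed "decrypted"
 * data into a fresh heap buffer and strips padding with the checked
 * routine. Returns the payload length, or -1 on error. */
static long parse_decrypted_checked(const unsigned char *src, size_t len)
{
    unsigned char *heap = malloc(len == 0 ? 1 : len);  /* avoid malloc(0) quirks */
    if (heap == NULL) {
        return -1;
    }
    memcpy(heap, src, len);
    size_t out = 0;
    int rc = strip_padding_checked(heap, len, &out);
    free(heap);
    return rc == 0 ? (long) out : -1;
}

/* Constructed sample: 4 payload bytes followed by 4 bytes of padding. */
static const unsigned char k_sample[8] = { 'a', 'b', 'c', 'd', 4, 4, 4, 4 };

long demo_valid(void)   { return parse_decrypted_checked(k_sample, sizeof k_sample); }
long demo_empty(void)   { return parse_decrypted_checked(k_sample, 0); }
long demo_unchecked_ok(void)
{
    size_t out = 0;     /* valid input: the unchecked version behaves */
    return strip_padding_unchecked(k_sample, sizeof k_sample, &out) == 0 ? (long) out : -1;
}

int main(void)
{
    printf("checked, valid input : %ld\n", demo_valid());      /* 4  */
    printf("checked, empty input : %ld\n", demo_empty());      /* -1 */
    printf("unchecked, valid     : %ld\n", demo_unchecked_ok()); /* 4  */
    return 0;
}
```

The unchecked variant is deliberately never called with an empty buffer here, because that read is undefined behaviour; building the program with `-fsanitize=address` and invoking it on a zero-length heap buffer is how such an under-read shows up in testing, as an out-of-bounds read one byte before the allocation. The defensive point for reviewers is the ordering: the length guard must run before the first index into the buffer, not after.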