Misleading memory management in mbedtls_x509_string_to_names()
| Title | Misleading memory management in mbedtls_x509_string_to_names() |
|---|---|
| CVE | CVE-2025-47917 |
| Date | 30 June 2025 |
| Affects | All versions of Mbed TLS up to 3.6.3 |
| Not affected | Mbed TLS 3.6.4 and later 3.6 versions, upcoming 4.x versions |
| Impact | Possible use-after-free or double-free leading to arbitrary code execution |
| Severity | HIGH |
| Credits | Found by Linh Le and Ngan Nguyen from Calif. |
Vulnerability
The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free().
As a result, application code that uses this function relying only on the documented behaviour is likely to still hold pointers to the memory blocks that were free()d, resulting in a high risk of use-after-free or double-free.
In particular, the two sample programs x509/cert_write and x509/cert_req were affected (use-after-free if the san string contains more than one DN).
Impact
Depending on the application code, a use-after-free and/or double-free is likely. Depending on the malloc() implementation, this is likely to lead to arbitrary code execution.
Affected versions
All versions of Mbed TLS up to 3.6.3 are affected.
Resolution
Affected users should upgrade to Mbed TLS 3.6.4 and/or apply the workaround below (which is enforced in 3.6.4: passing something other than a pointer-to-NULL will result in the function immediately returning an error).
Work-around
Always passing a pointer-to-NULL as the head argument to
mbedtls_x509_string_to_names() avoids the problem. Moreover, this approach will continue to work in version 3.6.4 and later.
Applications that do not call mbedtls_x509_string_to_names() directly are not
affected. Internal uses of this function do not lead to memory management
errors.
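The following is an added example, not Mbed TLS code: a self-contained model of the head-argument contract described above, built from a constructed `named_data` list and constructed error codes rather than the real `mbedtls_asn1_named_data` type. It shows the caller pattern that is safe in every version (one fresh pointer-to-NULL per list, released with the list-free function) and the check that 3.6.4 enforces, where a non-NULL head is rejected instead of silently deep-freed.

```c
/* Added example, not Mbed TLS code: a model of the head-argument contract of
 * mbedtls_x509_string_to_names(), with the pointer-to-NULL check 3.6.4 enforces. */
#include <stdlib.h>
#include <string.h>

#define ERR_BAD_INPUT_DATA (-1) /* constructed stand-ins for Mbed TLS error codes */
#define ERR_ALLOC_FAILED   (-2)
typedef struct named_data {
    char *component;            /* one "Key=Value" element, e.g. "CN=Example" */
    struct named_data *next;
} named_data;

/* Deep free of the whole list, as mbedtls_asn1_free_named_data_list() does. */
static void free_named_data_list(named_data **head) {
    while (*head != NULL) {
        named_data *n = *head;
        *head = n->next;
        free(n->component);
        free(n);
    }
}

/* Fixed contract: head must point to NULL. Before 3.6.4 a non-NULL head was
 * silently deep-freed, leaving the caller holding dangling pointers. */
static int string_to_names(named_data **head, const char *name) {
    named_data **tail = head;
    if (*head != NULL) return ERR_BAD_INPUT_DATA;
    while (*name != '\0') {
        const char *comma = strchr(name, ',');
        size_t len = comma ? (size_t)(comma - name) : strlen(name);
        named_data *n = calloc(1, sizeof *n);
        if (n == NULL || (n->component = malloc(len + 1)) == NULL) {
            free(n);
            free_named_data_list(head); /* roll back only what this call built */
            return ERR_ALLOC_FAILED;
        }
        memcpy(n->component, name, len);
        n->component[len] = '\0';
        *tail = n;
        tail = &n->next;
        name = comma ? comma + 1 : name + len;
    }
    return 0;
}

static size_t list_len(const named_data *n) {
    size_t count = 0;
    for (; n != NULL; n = n->next) count++;
    return count;
}
```

A caller following the work-around keeps a separate NULL-initialised head for each list (for example subject and SAN in a cert_write-style program) and frees each with the list-free function; with the 3.6.4 contract, reusing a live head fails cleanly and the caller's existing nodes remain valid.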