An issue exists in Arm Mbed TLS prior to 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
arm mbed tls
debian debian linux 10.0