Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
AnalysisAI
Buffer overflow in Mbed TLS public key export functionality for Finite Field Diffie-Hellman (FFDH) keys affects versions through 3.6.5 and TF-PSA-Crypto 1.0.0. An attacker can trigger a memory corruption condition during FFDH public key export operations, potentially enabling code execution or denial of service depending on memory layout and application context. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
Mbed TLS is a cryptographic library providing TLS/SSL and general-purpose cryptographic functions. TF-PSA-Crypto is a reference implementation of the Platform Security Architecture (PSA) Cryptography API specification. The vulnerability resides in the public key export mechanism for FFDH (Finite Field Diffie-Hellman) keys-a cryptographic algorithm used for key exchange. The buffer overflow likely occurs when serializing FFDH public key material into a fixed-size or improperly-validated buffer during the export process, allowing an attacker to write beyond allocated memory boundaries. Affected versions include Mbed TLS up to and including 3.6.5 and TF-PSA-Crypto 1.0.0, indicating the defect spans both the original library and the PSA-compliant reference implementation.
RemediationAI
Upgrade Mbed TLS to the patched version released after 3.6.5, and upgrade TF-PSA-Crypto to a version after 1.0.0. Exact fixed version numbers are not specified in the provided data; consult the official Mbed TLS security advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/ for the definitive patch version and release date. As a temporary mitigation, applications should avoid FFDH key export operations or disable FFDH algorithm support if not required for their use case. Recompilation and redeployment of applications using Mbed TLS are required after patching.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17993
GHSA-g3pc-q77x-rjjp