Skip to main content

Mbed TLS CVE-2026-34876

| EUVDEUVD-2026-18356 HIGH
Out-of-bounds Read (CWE-125)
2026-04-02 mitre
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 16:00 euvd
EUVD-2026-18356
Analysis Generated
Apr 02, 2026 - 16:00 vuln.today
CVE Published
Apr 02, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.

AnalysisAI

Out-of-bounds read in Mbed TLS 3.x before 3.6.6 allows attackers to leak adjacent CCM context data through the multipart CCM API by passing an oversized tag_len parameter to mbedtls_ccm_finish(), which lacks validation against the internal 16-byte authentication buffer. Mbed TLS 4.x contains the same vulnerability in internal code but does not expose the vulnerable function publicly; exploitation requires direct application-level invocation of the affected API. No public exploit code or active exploitation has been reported, but the attack requires no special privileges.

Technical ContextAI

The vulnerability exists in the Counter with CBC-MAC (CCM) authenticated encryption mode implementation within Mbed TLS, a widely-used cryptographic library. CCM is an AEAD cipher mode defined in RFC 3610, combining AES counter mode with CBC-MAC for authentication. The multipart CCM API allows applications to incrementally process data across multiple function calls; mbedtls_ccm_finish() finalizes the operation and computes the authentication tag. The root cause is insufficient bounds checking on the tag_len parameter, which controls how many bytes are written from a fixed 16-byte internal authentication buffer. When an application supplies a tag_len larger than 16, the read operation accesses memory beyond the buffer boundary, exposing adjacent CCM context data (encryption keys, nonces, or other sensitive state). This is a classic out-of-bounds read vulnerability (CWE category: buffer boundary violation). The issue is specific to Mbed TLS 3.x where the multipart API is public; in 4.x, the same code path exists internally but is not part of the public API surface, limiting attack surface.

RemediationAI

Upgrade Mbed TLS 3.x to version 3.6.6 or later, which includes bounds validation for the tag_len parameter in mbedtls_ccm_finish(). For Mbed TLS 4.x users, apply the corresponding security patch as described in the vendor advisory. Applications should validate tag_len input before invoking mbedtls_ccm_finish() or switch to the single-shot API (mbedtls_ccm_encrypt_and_authenticate) if the multipart API is not required. Review application code that uses the multipart CCM API to ensure tag_len is never user-controlled or is restricted to valid values (1-16 bytes per CCM specification). Refer to the official Mbed TLS security advisory at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ccm-finish-boundary-check/ for detailed patch release information.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-34876 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy