An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
The vulnerability (CWE-120 — classic buffer overflow) occurs in the public key export procedure for the FFDH algorithm. During this operation, data writing exceeds the boundary of the allocated buffer in memory, which can lead to overwriting adjacent memory areas. The vulnerability is network-accessible, requires no user interaction or any privileges, making it particularly dangerous in environments using these cryptographic libraries.
An attacker may potentially gain unauthorized access to sensitive data, compromise system integrity, or cause system unavailability (respectively: High for confidentiality, integrity, and availability according to CVSS). In the worst-case scenario, remote code execution (RCE) is possible.
Patches available from the manufacturer should be applied according to the references. Details regarding the corrected version are available in the official Arm Mbed TLS security advisory at: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/
Arm Mbed TLS in versions up to 3.6.5 inclusive and Arm TF-PSA-Crypto in version 1.0.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrustedfirmware Mbed Tls
APPTrustedfirmware3.5.0 – 3.6.6 (bez)Trustedfirmware Tf Psa Crypto
APPTrustedfirmware< 1.1.0
Related vulnerabilities
RCE przez deserializację kontekstu SSL w Mbed TLS
Arm Mbed TLS: podszywanie się pod klienta przy wznawianiu sesji TLS 1.3
Buffer underrun w Mbed TLS podczas zapisu nieprzezroczystej pary kluczy
Arm Mbed TLS: błąd weryfikacji certyfikatu klienta w TLS 1.3
Stack buffer overflow w Mbed TLS – funkcje konwersji ECDSA