SB2026071347 - Multiple vulnerabilities in mbed TLS



SB2026071347 - Multiple vulnerabilities in mbed TLS

Published: July 13, 2026

Security Bulletin ID SB2026071347
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2026-50584)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and forge messages.

The vulnerability exists due to improper restriction of operations within the bounds of a memory buffer in ChaCha20, ChaCha20-Poly1305, and PSA AEAD APIs when processing more than 256 GB of data with the same key and nonce or when using a starting counter and input length that cross the 32-bit counter range. A remote attacker can provide specially crafted oversized input or trigger counter wraparound to disclose sensitive information and forge messages.

Mbed TLS TLS protocol code is not affected because it does not expose a way to exceed the ChaCha20-Poly1305 record limits under a single key and nonce.


2) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2026-54435)

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to recover long-term ECC keys.

The vulnerability exists due to observable timing side-channel behavior in optimized modular reduction routines for elliptic curve operations when performing repeated scalar multiplication with the same secret scalar. A local privileged user can obtain precise execution traces to recover long-term ECC keys.

Affected operations include deterministic ECDSA signature generation, derivation of the public key when loading a private key, and deterministic key generation.


3) Input validation error (CVE-ID: CVE-2026-54434)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to force the ECDH shared secret to a fixed value.

The vulnerability exists due to improper input validation in the built-in Curve25519 (X25519) ECDH implementation when performing key agreement with PSA_ALG_ECDH. A remote attacker can supply input that results in an all-zero shared secret to force the ECDH shared secret to a fixed value.

Only builds with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED are vulnerable, and the issue applies to protocols that require contributory behaviour.


Remediation

Install update from vendor's website.