Buffer overflow in mbed TLS and TF-PSA-Crypto - CVE-2026-50584

 

Buffer overflow in mbed TLS and TF-PSA-Crypto - CVE-2026-50584

Published: July 13, 2026


Vulnerability identifier: #VU137394
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-50584
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ARM
Affected software:
mbed TLS
TF-PSA-Crypto

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information and forge messages.

The vulnerability exists due to improper restriction of operations within the bounds of a memory buffer in ChaCha20, ChaCha20-Poly1305, and PSA AEAD APIs when processing more than 256 GB of data with the same key and nonce or when using a starting counter and input length that cross the 32-bit counter range. A remote attacker can provide specially crafted oversized input or trigger counter wraparound to disclose sensitive information and forge messages.

Mbed TLS TLS protocol code is not affected because it does not expose a way to exceed the ChaCha20-Poly1305 record limits under a single key and nonce.


How to mitigate CVE-2026-50584

Install security update from vendor's website.

Sources