Buffer overflow in mbed TLS and TF-PSA-Crypto - CVE-2026-50584
Published: July 13, 2026
mbed TLS
TF-PSA-Crypto
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information and forge messages.
The vulnerability exists due to improper restriction of operations within the bounds of a memory buffer in ChaCha20, ChaCha20-Poly1305, and PSA AEAD APIs when processing more than 256 GB of data with the same key and nonce or when using a starting counter and input length that cross the 32-bit counter range. A remote attacker can provide specially crafted oversized input or trigger counter wraparound to disclose sensitive information and forge messages.
Mbed TLS TLS protocol code is not affected because it does not expose a way to exceed the ChaCha20-Poly1305 record limits under a single key and nonce.