Source: mbedtls
Version: 3.6.5-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for mbedtls.

CVE-2026-34871[0]:
| An issue was discovered in Mbed TLS before 3.6.6 and 4.x before
| 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in
| a Pseudo-Random Number Generator (PRNG).

CVE-2026-34872[1]:
| An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5
| and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in
| FFDH due to improper input validation. Using finite-field Diffie-
| Hellman, the other party can force the shared secret into a small
| set of values (lack of contributory behavior). This is a problem for
| protocols that depend on contributory behavior (which is not the
| case for TLS). The attack can be carried by the peer, or depending
| on the protocol by an active network attacker (person in the
| middle).

CVE-2026-34873[2]:
| An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client
| impersonation can occur while resuming a TLS 1.3 session.

CVE-2026-34874[3]:
| An issue was discovered in Mbed TLS through 3.6.5 and 4.x through
| 4.0.0. There is a NULL pointer dereference in distinguished name
| parsing that allows an attacker to write to address 0.

CVE-2026-34875[4]:
| An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto
| 1.0.0. A buffer overflow can occur in public key export for FFDH
| keys.

CVE-2026-34876[5]:
| An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-
| bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c
| allows attackers to obtain adjacent CCM context data via invocation
| of the multipart CCM API with an oversized tag_len parameter. This
| is caused by missing validation of the tag_len parameter against the
| size of the internal 16-byte authentication buffer. The issue
| affects the public multipart CCM API in Mbed TLS 3.x, where
| mbedtls_ccm_finish() can be invoked directly by applications. In
| Mbed TLS 4.x versions prior to the fix, the same missing validation
| exists in the internal implementation; however, the function is not
| exposed as part of the public API. Exploitation requires
| application-level invocation of the multipart CCM API.

CVE-2026-34877[6]:
| An issue was discovered in Mbed TLS versions from 2.19.0 up to
| 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL
| context or session structures allows an attacker who can modify the
| serialized structures to induce memory corruption, leading to
| arbitrary code execution. This is caused by Incorrect Use of
| Privileged APIs.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34871
    https://www.cve.org/CVERecord?id=CVE-2026-34871
[1] https://security-tracker.debian.org/tracker/CVE-2026-34872
    https://www.cve.org/CVERecord?id=CVE-2026-34872
[2] https://security-tracker.debian.org/tracker/CVE-2026-34873
    https://www.cve.org/CVERecord?id=CVE-2026-34873
[3] https://security-tracker.debian.org/tracker/CVE-2026-34874
    https://www.cve.org/CVERecord?id=CVE-2026-34874
[4] https://security-tracker.debian.org/tracker/CVE-2026-34875
    https://www.cve.org/CVERecord?id=CVE-2026-34875
[5] https://security-tracker.debian.org/tracker/CVE-2026-34876
    https://www.cve.org/CVERecord?id=CVE-2026-34876
[6] https://security-tracker.debian.org/tracker/CVE-2026-34877
    https://www.cve.org/CVERecord?id=CVE-2026-34877

Regards,
Salvatore
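The oversized tag_len condition described for CVE-2026-34876 above, as an added defensive example that is not part of this report and not Mbed TLS code: a stand-alone C model of the length check that the multipart finish step needs against its 16-byte authentication buffer, written the way an application could wrap its own calls while waiting for the fixed package. Only the 16-byte buffer size, the function name mbedtls_ccm_finish() and its (ctx, tag, tag_len) argument order come from the real library; the model_ccm_context struct, ccm_tag_len_valid, ccm_finish_checked and the MODEL_ error value are constructed for this illustration and do not link against mbedtls.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the internal CCM authentication buffer named in the CVE text. */
#define CCM_TAG_BUF_LEN 16

/* Constructed error value, modelled on the MBEDTLS_ERR_CCM_BAD_INPUT
 * convention (a negative code) but not taken from the library headers. */
#define MODEL_ERR_BAD_INPUT (-0x000D)

/* Hypothetical stand-in for the part of mbedtls_ccm_context that matters
 * here: the 16-byte buffer holding the computed authentication tag.
 * In the real context this buffer sits next to other state, which is what
 * an over-long copy would read. */
typedef struct {
    unsigned char y[CCM_TAG_BUF_LEN];
    unsigned char adjacent_state[32]; /* constructed: models neighbouring data */
} model_ccm_context;

/* Returns 1 when tag_len can be served from the 16-byte buffer, 0 otherwise.
 * CCM (RFC 3610) defines tag lengths 4, 6, 8, 10, 12, 14 and 16; a zero-length
 * tag is accepted here as a design choice because the CCM* variant permits it. */
int ccm_tag_len_valid(size_t tag_len)
{
    if (tag_len > CCM_TAG_BUF_LEN) {
        return 0;           /* the CVE case: longer than the internal buffer */
    }
    if (tag_len == 0) {
        return 1;
    }
    return (tag_len >= 4 && tag_len % 2 == 0) ? 1 : 0;
}

/* Checked finish step. The only difference from an unchecked
 * memcpy(tag, ctx->y, tag_len) is that tag_len is validated first, so the copy
 * can never run past y[] into adjacent context memory. An application wrapper
 * around mbedtls_ccm_finish() would perform the same check before the call. */
int ccm_finish_checked(const model_ccm_context *ctx, unsigned char *tag, size_t tag_len)
{
    if (ctx == NULL || (tag == NULL && tag_len != 0)) {
        return MODEL_ERR_BAD_INPUT;
    }
    if (!ccm_tag_len_valid(tag_len)) {
        return MODEL_ERR_BAD_INPUT;
    }
    memcpy(tag, ctx->y, tag_len);
    return 0;
}

int main(void)
{
    model_ccm_context ctx;
    unsigned char tag[CCM_TAG_BUF_LEN];
    size_t lengths[] = { 8, 16, 17, 64 }; /* constructed sample inputs */
    size_t i;

    memset(ctx.y, 0xAB, sizeof ctx.y);                       /* constructed tag bytes */
    memset(ctx.adjacent_state, 0xCD, sizeof ctx.adjacent_state);

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int rc = ccm_finish_checked(&ctx, tag, lengths[i]);
        printf("tag_len=%zu -> %s\n", lengths[i],
               rc == 0 ? "ok" : "rejected (exceeds 16-byte buffer or not a CCM length)");
    }
    return 0;
}
```

The check belongs in the caller only as a stopgap: the durable fix is the upstream one in library/ccm.c, and the wrapper simply refuses the inputs the CVE text identifies rather than trying to recover from them.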

