{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-34875", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:29:02.514Z", "dateReserved": "2026-03-31T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T17:54:22.730Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:28:31.287047Z", "id": "CVE-2026-34875", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:29:02.514Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-34875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:28:31.287047Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:26:48.519Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T17:54:22.730Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34875", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:29:02.514Z", "dateReserved": "2026-03-31T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-01T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys."}], "id": "CVE-2026-34875", "lastModified": "2026-04-03T16:10:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T18:16:31.433", "references": [{"source": "cve@mitre.org", "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}, {"source": "cve@mitre.org", "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "mbedtls: Mbed TLS and TF-PSA-Crypto: Arbitrary code execution due to buffer overflow in FFDH key export", "id": "2453963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453963"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.", "A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability, a buffer overflow, occurs during the export of public keys for FFDH (Finite Field Diffie-Hellman) keys. A remote attacker could exploit this to potentially execute arbitrary code, gaining full control over the affected system, or cause a denial of service, making the system unavailable."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-34875", "public_date": "2026-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34875\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34875\nhttps://mbed-tls.readthedocs.io/en/latest/security-advisories/\nhttps://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/"], "statement": "Critical: A buffer overflow flaw in Mbed TLS and TF-PSA-Crypto during FFDH public key export could allow a remote attacker to execute arbitrary code or cause a denial of service. Red Hat products utilizing Mbed TLS for FFDH key operations are susceptible if they expose this functionality to untrusted input.", "threat_severity": "Critical"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.5]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 97.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mbedtls", "vendor": "mbed-tls"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "tf-psa-crypto", "vendor": "mbed-tls"}], "analysis": {"en": {"generated_at": "2026-04-02T04:47:15.313397+00:00", "value": {"mitigation_remediation": ["Upgrade Mbed TLS to version 3.6.6 or later.", "Upgrade TF-PSA-Crypto to a version newer than 1.0.0.", "Verify that applications correctly handle key export operations and avoid unvalidated buffer sizes.", "Test the updated libraries in a staging environment before deploying to production."], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Mbed TLS cryptographic library used in embedded applications. Versions 3.6.5 and earlier are impacted, as well as the TF-PSA-Crypto library through version 1.0.0.", "description_and_impact": "A buffer overflow occurs in the public key export routine for FFDH keys in Mbed TLS up to version 3.6.5 and in TF-PSA-Crypto 1.0.0. The overflow can corrupt local memory during the export operation, which infers that an attacker could overwrite critical data or gain arbitrary code execution. The weakness is a classic buffer overflow, identified as CWE\u2011120.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a high\u2011severity flaw with broad impact. While the EPSS score is unavailable, the lack of listing in the CISA KEV catalog does not mitigate the risk. Exploitation would target the public key export API; an attacker with the ability to influence that routine could trigger the overflow. The vulnerability could lead to denial of service or code execution depending on how the overflow is leveraged."}}}}, "created": "2026-04-02T07:51:10.783222+00:00", "title": "Buffer Overflow in Mbed TLS Public Key Export for FFDH Keys", "updated": "2026-04-03T08:58:55.400708+00:00", "vendors": ["mbed-tls", "mbed-tls$PRODUCT$mbedtls", "mbed-tls$PRODUCT$tf-psa-crypto"]}