Description
Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Published: 2026-04-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the x509_inet_pton_ipv6 function of mbed TLS. The flaw allows an attacker to overwrite adjacent memory when parsing malformed IPv6 addresses during X.509 certificate processing. This overflow could lead to memory corruption, crashes, or arbitrary code execution depending on the execution context, and is classified under CWE‑121.

Affected Systems

Arm’s mbed TLS library, versions 3.5.0 through 3.6.5, and the 4.0.x series up until the 4.1.0 release, are affected. The patch was introduced in version 3.6.6 and 4.1.0. Systems that compile or embed these older mbed TLS versions are potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. However, the EPSS score is below 1%, suggesting a low probability of exploitation in the wild at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers could trigger the overflow by supplying a malicious IPv6 address, which may be delivered via a crafted X.509 certificate or any input that goes through the vulnerable function. The lack of a known working exploit and the low EPSS reduce immediate risk, but the potential for remote code execution warrants prompt action.

Generated by OpenCVE AI on April 6, 2026 at 16:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade mbed TLS to version 3.6.6 or 4.1.0 or later.
  • Validate and sanitize IPv6 address input before it reaches the x509_inet_pton_ipv6 function.
  • Monitor Arm’s security advisories and apply any future updates promptly.

Generated by OpenCVE AI on April 6, 2026 at 16:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in mbed TLS IPv6 Parsing Function

Mon, 06 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Arm
Arm mbed Tls
CPEs cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:4.0.0:*:*:*:*:*:*:*
Vendors & Products Arm
Arm mbed Tls

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Mbed-tls
Mbed-tls mbedtls
Vendors & Products Mbed-tls
Mbed-tls mbedtls

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Arm Mbed Tls
Mbed-tls Mbedtls
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T19:21:41.191Z

Reserved: 2026-02-06T00:00:00.000Z

Link: CVE-2026-25833

cve-icon Vulnrichment

Updated: 2026-04-01T19:21:35.895Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T19:16:28.530

Modified: 2026-04-06T14:18:32.433

Link: CVE-2026-25833

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:07:47Z

Weaknesses