Description
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The flaw is an out‑of‑bounds read in mbedtls_ccm_finish() that occurs when the multipart CCM API is called with a tag_len value larger than the 16‑byte authentication buffer. The read exposes adjacent memory belonging to the CCM context, allowing an attacker to retrieve sensitive data such as cryptographic keys or authentication tags. This vulnerability is classified as CWE‑125 and results in potential information disclosure.

Affected Systems

The vulnerability affects the Arm mbed TLS library. Public versions in the 3.x series prior to 3.6.6 are susceptible. Versions of Mbed TLS 4.x before the fix also contain the same internal validation error, but the API is not publicly exposed. Applications that use the multipart CCM API in these versions are at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while an EPSS below 1% points to a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires that an attacker can cause the multipart CCM API to be invoked with an oversized tag_len, which is typically possible only through application-level code that passes user-supplied parameters through to mbedtls_ccm_finish(). The attack vector is inferred to be application-level and could be reached remotely if the application processes external input. The patch in 3.6.6 adds the missing tag_len validation, eliminating the out-of-bounds read.

Generated by OpenCVE AI on April 7, 2026 at 20:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Mbed TLS to version 3.6.6 or newer.
  • If an upgrade is not immediately possible, ensure that any call to mbedtls_ccm_finish validates that tag_len is no larger than the 16-byte authentication buffer.
  • Review existing code for usage of the multipart CCM API and add validation checks or constraints as a temporary safeguard.
  • Monitor for applications still running affected library versions and plan an upgrade.
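As an added example, not Mbed TLS source and not part of the OpenCVE record, the C below is a simplified model of the multipart CCM finish step that carries the check the recommended action describes: the caller-supplied tag_len is validated against the 16-byte authentication buffer and against the length configured earlier, before anything is copied out of the context. The ccm_model_ctx type, the function names and the error code are hypothetical; the 16-byte buffer size is the one the description gives.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical names: a simplified model, not Mbed TLS source. */
#define CCM_TAG_BUF_LEN   16        /* the 16-byte authentication buffer from the advisory */
#define CCM_ERR_BAD_INPUT (-0x000D)

typedef struct {
    uint8_t y[CCM_TAG_BUF_LEN];     /* authentication buffer holding the computed tag */
    uint8_t adjacent[16];           /* stands in for context data that follows y[] */
    size_t  tag_len;                /* tag length chosen when lengths were set */
    int     lengths_set;
} ccm_model_ctx;

/* CCM permits tag lengths 4, 6, 8, 10, 12, 14 and 16 bytes (RFC 3610). */
int ccm_tag_len_is_valid(size_t tag_len)
{
    return tag_len >= 4 && tag_len <= CCM_TAG_BUF_LEN && (tag_len % 2) == 0;
}

/* Models set_lengths(): the one place where the tag length is chosen. */
int ccm_model_set_lengths(ccm_model_ctx *ctx, size_t tag_len)
{
    if (!ccm_tag_len_is_valid(tag_len)) return CCM_ERR_BAD_INPUT;
    ctx->tag_len = tag_len;
    ctx->lengths_set = 1;
    return 0;
}

/* Hardened finish: tag_len is checked against the buffer size and the configured
 * length before any byte leaves the context, so it can never read past y[]. */
int ccm_model_finish(const ccm_model_ctx *ctx, uint8_t *tag, size_t tag_len)
{
    if (!ctx->lengths_set || !ccm_tag_len_is_valid(tag_len) || tag_len != ctx->tag_len)
        return CCM_ERR_BAD_INPUT;
    if (tag != NULL) memcpy(tag, ctx->y, tag_len);
    return 0;
}

/* Self-check: configure an 8-byte tag, then request `requested` bytes into a zeroed
 * 32-byte buffer. Returns finish()'s code, or -1 if any byte past the first 8 was written. */
int ccm_model_demo(size_t requested)
{
    ccm_model_ctx ctx = { 0 };
    uint8_t tag[32] = { 0 };
    memset(ctx.y, 0x11, sizeof(ctx.y));                  /* constructed tag bytes */
    if (ccm_model_set_lengths(&ctx, 8) != 0) return -1;
    int rc = ccm_model_finish(&ctx, tag, requested);
    for (size_t i = 8; i < sizeof(tag); i++)
        if (tag[i] != 0) return -1;
    return rc;
}
```

The same two checks (length within the buffer, length equal to the configured one) are what an application-side wrapper around the real mbedtls_ccm_finish() should enforce until the upgrade to 3.6.6 is done.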

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in Mbed TLS CCM Finish Function

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Arm
Arm mbed Tls
CPEs cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
Vendors & Products Arm
Arm mbed Tls

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in Mbed TLS CCM Finish Function

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in Mbed TLS CCM API Enabling Information Disclosure
Weaknesses CWE-119
CWE-200

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in Mbed TLS CCM API Enabling Information Disclosure
First Time appeared Mbed-tls
Mbed-tls mbedtls
Weaknesses CWE-119
CWE-125
CWE-200
Vendors & Products Mbed-tls
Mbed-tls mbedtls
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description (added; identical to the Description given at the top of this page)
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-02T15:54:45.230Z

Reserved: 2026-03-31T00:00:00.000Z

Link: CVE-2026-34876

Vulnrichment

Updated: 2026-04-02T15:54:17.890Z

NVD

Status: Analyzed

Published: 2026-04-02T16:16:26.180

Modified: 2026-04-07T12:14:22.150

Link: CVE-2026-34876

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:56:38Z

Weaknesses