2453966 – (CVE-2026-34872) CVE-2026-34872 mbedtls: Mbed TLS and TF-PSA-Crypto: Shared secret manipulation via improper FFDH input validation

Bug 2453966 (CVE-2026-34872) - CVE-2026-34872 mbedtls: Mbed TLS and TF-PSA-Crypto: Shared secret manipulation via improper FFDH input validation

Summary: CVE-2026-34872 mbedtls: Mbed TLS and TF-PSA-Crypto: Shared secret manipulatio...

Keywords:
Status:	NEW
Alias:	CVE-2026-34872
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2454195 2454198 2454200 2454204 2454208
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-01 20:01 UTC by OSIDB Bzimport
Modified:	2026-04-02 05:55 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-01 20:01:49 UTC

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).

Note You need to log in before you can comment on or make changes to this bug.