2454492 – (CVE-2026-34877) CVE-2026-34877 mbedtls: Risk of insufficient protection of serialized session or context data leading to potential memory safety issues

Bug 2454492 (CVE-2026-34877) - CVE-2026-34877 mbedtls: Risk of insufficient protection of serialized session or context data leading to potential memory safety issues

Summary: CVE-2026-34877 mbedtls: Risk of insufficient protection of serialized session...

Keywords:
Status:	NEW
Alias:	CVE-2026-34877
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2454621 2454622 2454623 2454624 2454625
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-02 18:01 UTC by OSIDB Bzimport
Modified:	2026-04-02 19:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-02 18:01:56 UTC

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is caused by Incorrect Use of Privileged APIs.

Note You need to log in before you can comment on or make changes to this bug.