2 matches found
SUSE CVE-2026-34872
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributor...
PT-2024-2509 · Arm +3 · Mbed Crypto +4
Name of the Vulnerable Software and Affected Versions:
Mbed TLS versions 2.18.0 through 2.28.x before 2.28.8
Mbed TLS versions 3.x before 3.6.0
Mbed Crypto affected versions not specified

Description: The PSA Crypto API in Mbed TLS and Mbed Crypto mishandles shared memory, which can be exploited ...