Mbed TLS
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*, +1 more
- >= 3.1.0, <= 3.6.5
An out-of-bounds read has been identified in Mbed TLS versions 3.1.0 up to but not including 3.6.6. The issue is in the 'mbedtls_ccm_finish()' function of the CCM implementation, where the 'tag_len' parameter is not validated. An oversized 'tag_len' makes the function read past the 16-byte tag buffer into adjacent memory, potentially disclosing sensitive information such as nonce data and block cipher state. The vulnerability is reachable through the public multipart CCM API by supplying an oversized 'tag_len' parameter.
Exploitation leads to reading memory beyond the intended buffer, disclosing information from the CCM context; this may include key-dependent block cipher state and other internal CCM data.
Users are advised to upgrade to Mbed TLS 3.6.6 or a later release in the 3.6 series. In Mbed TLS 4.x the vulnerability is not reachable through the public API, but the same validation gap exists internally. If the multipart CCM API must be used, ensure that the 'tag_len' parameter does not exceed 16 bytes and matches the length negotiated in 'mbedtls_ccm_set_lengths()'.
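The caller-side check recommended above, as an added example that is not Mbed TLS source: a guard that rejects a 'tag_len' larger than 16 or different from the negotiated length before the finish step runs. The context struct and the set-lengths/finish routines are stand-ins so the file builds without the Mbed TLS headers; the set of permitted CCM tag lengths (4, 6, ..., 16) comes from RFC 3610, not from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CCM_TAG_MAX 16

/* Stand-in for the library context (not the real mbedtls_ccm_context). */
typedef struct {
    size_t  tag_len;          /* tag length recorded by the set-lengths step */
    uint8_t y[CCM_TAG_MAX];   /* computed tag block; only this may be read */
    uint8_t nonce[13];        /* adjacent state an over-read would expose */
} ccm_ctx_stub;

/* CCM (RFC 3610) permits even tag lengths from 4 to 16 bytes. */
int ccm_tag_len_is_valid(size_t tag_len) {
    return tag_len >= 4 && tag_len <= CCM_TAG_MAX && (tag_len % 2) == 0;
}

/* Stand-in for mbedtls_ccm_set_lengths(): records the negotiated tag length. */
static int ccm_set_lengths_stub(ccm_ctx_stub *ctx, size_t tag_len) {
    if (!ccm_tag_len_is_valid(tag_len)) return -1;
    ctx->tag_len = tag_len;
    return 0;
}

/* Stand-in for the library finish routine: copies tag_len bytes of the tag. */
static int ccm_finish_stub(ccm_ctx_stub *ctx, uint8_t *tag, size_t tag_len) {
    memcpy(tag, ctx->y, tag_len);
    return 0;
}

/* Guard applied before calling the library. Returns -1 when tag_len exceeds
 * the 16-byte tag block or differs from the negotiated length. */
int ccm_finish_checked(ccm_ctx_stub *ctx, uint8_t *tag, size_t tag_len) {
    if (tag == NULL || tag_len > CCM_TAG_MAX) return -1;
    if (tag_len != ctx->tag_len) return -1;
    return ccm_finish_stub(ctx, tag, tag_len);
}

/* Exercises the guard on a constructed context; returns 1 if every case behaves. */
int ccm_guard_selftest(void) {
    ccm_ctx_stub ctx;
    uint8_t tag[32] = {0};
    memset(&ctx, 0, sizeof ctx);
    for (int i = 0; i < CCM_TAG_MAX; i++) ctx.y[i] = (uint8_t)i;
    if (ccm_set_lengths_stub(&ctx, 16) != 0) return 0;
    if (ccm_finish_checked(&ctx, tag, 16) != 0 || tag[15] != 15) return 0;
    if (ccm_finish_checked(&ctx, tag, 17) != -1) return 0;   /* oversized */
    if (ccm_finish_checked(&ctx, tag, 8) != -1) return 0;    /* mismatch */
    return 1;
}
```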