CVE-2026-25833
Buffer Overflow in Mbed TLS x509_inet_pton_ipv6 Function
Publication date: 2026-04-01
Last updated on: 2026-04-06
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | From 3.5.0 (inc) to 3.6.6 (exc) |
| arm | mbed_tls | 4.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25833 is a buffer underflow vulnerability in the function x509_inet_pton_ipv6() within Mbed TLS. This issue arises due to improper handling of input data when parsing IPv6 addresses in X.509 certificates, leading to a buffer underflow condition.
The vulnerability can potentially cause memory safety issues such as crashes or arbitrary code execution.
How can this vulnerability impact me? :
This vulnerability can lead to serious memory safety issues including application crashes or even arbitrary code execution, which could allow an attacker to take control of the affected system or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Mbed TLS to version 3.6.6 or later, or to version 4.1.0 or later, where the buffer overflow in the x509_inet_pton_ipv6() function has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the buffer underflow vulnerability in Mbed TLS affects compliance with common standards and regulations such as GDPR or HIPAA.