GHSA-8mfx-6cpc-cr47
An out-of-bounds write vulnerability exists in the Renesas TSIP TLS 1.3 transcript buffer within the tsip_StoreMessage() function. The function fails to return after detecting capacity overflow, leading to a buffer overflow when processing unusually large TLS 1.3 handshake messages. This can corrupt adjacent heap memory and potentially cause a remote denial of service. The issue affects only builds using the Renesas TSIP TLS port as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled. Other configurations are not affected.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-55958) is an out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In the tsip_StoreMessage() function, a capacity check for the fixed-size message bag (8 KB) sets an error code but does not return, causing execution to continue to an XMEMCPY operation that writes beyond the buffer boundary. This occurs when the TLS 1.3 handshake transcript exceeds the buffer size, which can happen with an unusually large but valid certificate chain or a maliciously oversized handshake message from a server. This leads to heap corruption and may cause a remote denial of service crash. The vulnerability only affects TLS 1.3 client builds using the Renesas TSIP TLS port on Renesas MCUs with TSIP hardware enabled. All other builds and configurations are unaffected.
Potential Impact
The vulnerability can cause heap corruption due to an out-of-bounds write, potentially leading to a remote denial of service crash. It requires a TLS 1.3 handshake transcript larger than 8 KB, which is uncommon and typically only occurs with unusually large certificate chains or malicious oversized handshake messages. This impacts only specific Renesas TSIP TLS client builds on Renesas MCUs with TSIP hardware enabled. There is no indication of code execution or data disclosure from the provided data.
Mitigation Recommendations
No patch or official fix information is currently available. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, avoid using the affected Renesas TSIP TLS client builds with TSIP hardware enabled in environments where untrusted or malicious servers might send oversized TLS 1.3 handshake messages. Monitor vendor communications for updates and apply patches once available.
GHSA-8mfx-6cpc-cr47
Description
An out-of-bounds write vulnerability exists in the Renesas TSIP TLS 1.3 transcript buffer within the tsip_StoreMessage() function. The function fails to return after detecting capacity overflow, leading to a buffer overflow when processing unusually large TLS 1.3 handshake messages. This can corrupt adjacent heap memory and potentially cause a remote denial of service. The issue affects only builds using the Renesas TSIP TLS port as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled. Other configurations are not affected.
CVSS v4.0
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability (CVE-2026-55958) is an out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In the tsip_StoreMessage() function, a capacity check for the fixed-size message bag (8 KB) sets an error code but does not return, causing execution to continue to an XMEMCPY operation that writes beyond the buffer boundary. This occurs when the TLS 1.3 handshake transcript exceeds the buffer size, which can happen with an unusually large but valid certificate chain or a maliciously oversized handshake message from a server. This leads to heap corruption and may cause a remote denial of service crash. The vulnerability only affects TLS 1.3 client builds using the Renesas TSIP TLS port on Renesas MCUs with TSIP hardware enabled. All other builds and configurations are unaffected.
Potential Impact
The vulnerability can cause heap corruption due to an out-of-bounds write, potentially leading to a remote denial of service crash. It requires a TLS 1.3 handshake transcript larger than 8 KB, which is uncommon and typically only occurs with unusually large certificate chains or malicious oversized handshake messages. This impacts only specific Renesas TSIP TLS client builds on Renesas MCUs with TSIP hardware enabled. There is no indication of code execution or data disclosure from the provided data.
Mitigation Recommendations
No patch or official fix information is currently available. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, avoid using the affected Renesas TSIP TLS client builds with TSIP hardware enabled in environments where untrusted or malicious servers might send oversized TLS 1.3 handshake messages. Monitor vendor communications for updates and apply patches once available.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-8mfx-6cpc-cr47
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-55958"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a3ef7e927e9c79719032dcf
Added to database: 06/26/2026, 22:06:33 UTC
Last enriched: 06/26/2026, 22:47:07 UTC
Last updated: 06/26/2026, 23:51:25 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.