Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of states or tags, which triggers an out-of-bounds write.