CVE-2024-28836 in mbed TLS정보

요약

\~에 의해 MITRE • 2024. 04. 03.

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2024. 03. 11.

공개

2024. 04. 03.

모더레이션

수락

항목

VDB-259080

CPE

준비됨

CWE

CWE-326 (확인됨)

CVSS

5.4 (CNA)

EPSS

0.00315

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-28836
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-28836
CVE Details	https://www.cvedetails.com/cve/CVE-2024-28836/

◂ 이전 개요 다음 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!