Buffer Overflow Vulnerability in Mbed TLS by ARM
CVE-2023-43615

7.5HIGH

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 7 October 2023

What is CVE-2023-43615?

The Mbed TLS library in its versions 2.x prior to 2.28.5 and 3.x prior to 3.5.0 is susceptible to a buffer overflow vulnerability. This flaw could lead to unauthorized access or manipulation of memory, potentially allowing an attacker to execute arbitrary code or disrupt service. It is critical for users and organizations relying on these versions to update promptly and mitigate any associated risks.

References

https://mbed-tls.readthedocs.io/en/latest/security-adviso...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2023
Vulnerability Reserved
Sep 20, 2023

Arm

What is CVE-2023-43615?

References

CVSS V3.1

Timeline