Buffer Overflow Vulnerability in Mbed TLS Affects Multiple Versions
CVE-2023-45199

9.8CRITICAL

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 7 October 2023

Summary

The Mbed TLS library versions 3.2.x to 3.4.x prior to 3.5 are susceptible to a buffer overflow vulnerability, which could enable attackers to execute arbitrary code remotely. This flaw arises from improper handling of user-supplied input, leading to potential exploitation. Users of Mbed TLS are urged to upgrade to the latest version to mitigate this risk.

References

https://mbed-tls.readthedocs.io/en/latest/security-adviso...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 7, 2023
Vulnerability Reserved
Oct 5, 2023