Denial of Service Vulnerability in Mbed TLS 3.5.1
CVE-2024-23744

7.5HIGH

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 21 January 2024

Summary

A vulnerability has been identified in Mbed TLS 3.5.1, where a persistent handshake denial occurs if a client sends a TLS 1.3 ClientHello message without including any extensions. This flaw can disrupt secure communication, resulting in service interruptions for affected applications. It is crucial for users of Mbed TLS to ensure they are implementing the latest version and configurations to mitigate potential exploitation risks.

References

https://github.com/Mbed-TLS/mbedtls/issues/8694

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2024
Vulnerability Reserved
Jan 21, 2024