CVE-2024-23775

7.5HIGH

Key Information

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 31 January 2024

Summary

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 31, 2024
Vulnerability Reserved.
Jan 22, 2024

Collectors

NVD DatabaseMitre Database