Integer Overflow Vulnerability in Mbed TLS 2.x and 3.x by Arm
CVE-2024-23775

7.5HIGH

Key Information:

Vendor

Arm
Status
Mbed Tls
Vendor
CVE Published:
31 January 2024

What is CVE-2024-23775?

An Integer Overflow vulnerability in Mbed TLS versions 2.x prior to 2.28.7 and 3.x prior to 3.5.2 exists, which may allow an attacker to exploit the mbedtls_x509_set_extension() function to cause a Denial of Service (DoS). This flaw can be particularly damaging as it can disrupt the normal operation of applications relying on Mbed TLS for secure communications.

References

https://mbed-tls.readthedocs.io/en/latest/security-adviso...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-23775 : Integer Overflow Vulnerability in Mbed TLS 2.x and 3.x by Arm