Heap Buffer Overflow in SharkSSL Affects Real Time Logic Products
CVE-2024-48075

5.3MEDIUM

Key Information:

Vendor: Real Time Logic
Status: SharkSSL
Vendor: CVE Published:; 12 November 2024

🔔 Create Real Time Logic Vulnerability Alert

What is CVE-2024-48075?

A heap buffer overflow vulnerability has been identified in the server-side handshake implementation within SharkSSL. This issue allows remote attackers to exploit the flaw by sending a specially crafted TLS Client Key Exchange message, which could lead to a Denial-of-Service scenario. It is critical for users of SharkSSL versions 09.09.24 and earlier to apply security updates promptly to mitigate potential risks.

References

https://github.com/RealTimeLogic/SharkSSL/commit/7045f6f2...

https://www.telekom.com/resource/blob/1083076/8bf5c035200...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024

CVE-2024-48075 Data

JSON