Ciphersuite Downgrade Attack via Skipping Fully Parsing Server Hello
CVE-2024-5814

Currently unrated

Key Information:

Vendor

wolfSSL

Status
Vendor
CVE Published:
27 August 2024

What is CVE-2024-5814?

A malicious TLS 1.2 server can force a TLS 1.3 client with downgrade capability to use a ciphersuite that it did not agree to and still achieve a successful connection. This is because, aside from the extensions, the client skipped fully parsing the ServerHello. https://doi.org/10.46586/tches.v2024.i1.457-500
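The check whose absence the description points to, as an added example that is not wolfSSL's code: a client parses every field of a TLS 1.2 ServerHello body and rejects a ciphersuite it never offered. All function and constant names, the offer list and the sample message are constructed for illustration; the handshake header is assumed to be already stripped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { SH_OK = 0, SH_BAD_LENGTH = -1, SH_BAD_SESSION_ID = -2,
       SH_SUITE_NOT_OFFERED = -3, SH_BAD_COMPRESSION = -4 };

/* Parse a TLS 1.2 ServerHello body (handshake header already stripped) and
 * reject any cipher suite that was not in the client's own offer list. */
int check_server_hello(const uint8_t *b, size_t len, const uint16_t *offered,
                       size_t n_offered, uint16_t *chosen)
{
    size_t i = 2 + 32, k, ext_len;   /* skip legacy_version and random */
    uint16_t suite;
    if (len < i + 1) return SH_BAD_LENGTH;
    if (b[i] > 32) return SH_BAD_SESSION_ID;
    i += 1 + (size_t)b[i];           /* session_id length byte + session_id */
    if (len < i + 3) return SH_BAD_LENGTH;   /* suite (2) + compression (1) */
    suite = (uint16_t)((b[i] << 8) | b[i + 1]);
    for (k = 0; k < n_offered && offered[k] != suite; k++) { }
    if (k == n_offered) return SH_SUITE_NOT_OFFERED;
    if (b[i + 2] != 0) return SH_BAD_COMPRESSION;   /* null compression only */
    i += 3;
    if (i != len) {                  /* extensions must fill the rest exactly */
        if (len - i < 2) return SH_BAD_LENGTH;
        ext_len = ((size_t)b[i] << 8) | b[i + 1];
        if (ext_len != len - i - 2) return SH_BAD_LENGTH;
    }
    *chosen = suite;
    return SH_OK;
}

/* Constructed sample: minimal ServerHello body that selects `suite`. */
size_t sample_server_hello(uint8_t out[38], uint16_t suite)
{
    memset(out, 0xAB, 38);           /* placeholder random bytes */
    out[0] = 0x03; out[1] = 0x03;    /* legacy_version = TLS 1.2 */
    out[34] = 0; out[37] = 0;        /* empty session_id, null compression */
    out[35] = (uint8_t)(suite >> 8); out[36] = (uint8_t)(suite & 0xFF);
    return 38;
}

int main(void)
{
    const uint16_t offered[] = { 0x1301, 0xC02F };   /* constructed offer list */
    uint8_t buf[38]; uint16_t chosen = 0;
    size_t n = sample_server_hello(buf, 0x000A);     /* suite never offered */
    printf("result = %d\n", check_server_hello(buf, n, offered, 2, &chosen));
    return 0;
}
```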

Affected Version(s)

wolfSSL 0 <= 5.7.0

Credit

Armin Najafabadi
Per Allansson