An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Arm
  • Mbed Tls

Configuration 1 [-]

cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/Mbed-TLS/mbedtls/issues/8694 Exploit Issue Tracking Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-21T00:00:00

Updated: 2024-01-21T22:31:58.912876

Reserved: 2024-01-21T00:00:00

Link: CVE-2024-23744

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2024-01-21T23:15:44.833

Modified: 2024-02-07T21:02:06.963

Link: CVE-2024-23744

JSON object: View

cve-icon Redhat Information

No data.

CWE