exploitDog

CVE-2023-52353

Published: 21 Jan 2024
Source: debian

Description

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| mbedtls | not-affected | | | package |

Notes

  • https://github.com/Mbed-TLS/mbedtls/issues/8654

  • https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2 (mbedtls-3.6.0)

  • Experimental TLS 1.3 support not enabled in 2.x packages, TLS 1.3 is enabled in Debian/experimental, but the first upload directly provides fixes, so mark as <not-affected> altogether

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 2 years ago

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

CVSS3: 7.5
nvd
about 2 years ago

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

CVSS3: 7.5
msrc
about 1 year ago

No description available

CVSS3: 7.5
github
about 2 years ago

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.