Описание
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
EPSS
Процентиль: 7%
0.0003
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-1188
Связанные уязвимости
CVSS3: 5.4
ubuntu
3 месяца назад
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
CVSS3: 5.4
debian
3 месяца назад
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...
CVSS3: 5.4
github
3 месяца назад
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
EPSS
Процентиль: 7%
0.0003
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-1188