CVE-2023-45199 — Classic Buffer Overflow in ARM Mbed TLS

Severity

9.8CRITICALNVD

EPSS

9.3%

top 7.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 7

Description

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶NVDarm/mbed_tls3.2.0 — 3.5.0

CVEList

CVE-2023-45199: Mbed TLS 3↗2023-10-07

▶

GHSA

GHSA-9xgp-crg4-hgxq: Mbed TLS 3↗2023-10-07

▶

OSV

CVE-2023-45199: Mbed TLS 3↗2023-10-07

▶

Oracle

Oracle Oracle Financial Services Applications Risk Matrix: Reports (Pillow) — CVE-2022-45199↗2023-07-15

▶

Debian

CVE-2023-45199: mbedtls - Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to r...↗2023

▶