CVE-2024-23775
published 2024-01-31


Priority: P4 33
CVSS 3.1: 7.5 (high), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.12% (62.1st percentile)
Integer overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
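
The bug class named in the description, illustrated with an added example that is not Mbed TLS source and not taken from the advisory. The model stores an extension value behind one leading byte for the critical flag (an assumed layout), so it needs val_len + 1 bytes; when a caller-supplied length is SIZE_MAX that sum wraps to 0, the allocation is tiny and the following copy runs off the heap block, which is the crash behind the DoS. The exact overflowing expression in Mbed TLS, the error codes and the helper names are assumptions; the guarded variant shows the check that prevents the wrap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model only, not Mbed TLS source. An extension value is stored as one
 * leading byte holding the "critical" flag followed by the raw value
 * (an assumed layout), so the buffer needs val_len + 1 bytes. */
typedef struct {
    unsigned char *p;
    size_t len;
} ext_buf;

#define ERR_BAD_INPUT (-1) /* hypothetical error codes */
#define ERR_ALLOC     (-2)

/* The size arithmetic an unguarded implementation performs. For
 * val_len == SIZE_MAX the sum wraps to 0, so the allocation would be
 * far smaller than the val_len bytes copied into it afterwards; the
 * copy then runs off the end of the heap block and the process dies.
 * The wrapped value is returned instead of being used so the overflow
 * can be observed without performing the unsafe copy. */
size_t unguarded_alloc_len(size_t val_len)
{
    return val_len + 1;
}

/* Guarded variant: refuse any length for which val_len + 1 is not
 * representable, before allocating or copying anything. */
int set_extension_checked(ext_buf *out, int critical,
                          const unsigned char *val, size_t val_len)
{
    if (val_len > SIZE_MAX - 1) {
        return ERR_BAD_INPUT;         /* val_len + 1 would wrap */
    }
    size_t total = val_len + 1;
    unsigned char *buf = calloc(1, total);
    if (buf == NULL) {
        return ERR_ALLOC;
    }
    buf[0] = (unsigned char)(critical != 0);
    memcpy(buf + 1, val, val_len);
    out->p = buf;
    out->len = total;
    return 0;
}

/* Store a constructed 3-byte value through the guarded path and verify
 * the resulting layout; returns 1 on success, 0 otherwise. */
int check_small_extension(void)
{
    const unsigned char val[3] = { 0x30, 0x01, 0xff }; /* constructed sample */
    ext_buf e = { NULL, 0 };
    if (set_extension_checked(&e, 1, val, sizeof val) != 0) {
        return 0;
    }
    int ok = e.len == 4 && e.p[0] == 1 && memcmp(e.p + 1, val, sizeof val) == 0;
    free(e.p);
    return ok;
}

int main(void)
{
    printf("SIZE_MAX + 1 wraps to %zu\n", unguarded_alloc_len(SIZE_MAX));
    printf("guarded rejects SIZE_MAX: %d\n",
           set_extension_checked(NULL, 0, NULL, SIZE_MAX) == ERR_BAD_INPUT);
    printf("guarded stores small value: %d\n", check_small_extension());
    return 0;
}
```

The guard is placed before the allocation on purpose: once calloc has been handed a wrapped size, every later step operates on a buffer whose length no longer matches val_len, so the only safe point to reject the input is before the size is computed.
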

Affected

15 ranges
Vendor           Product                                    Version range                        Fixed in
arm              mbed_tls                                   >= 2.0.0 < 2.28.7                    2.28.7
debian           mbedtls                                    < mbedtls 2.28.7-1 (forky)           mbedtls 2.28.7-1 (forky)
mbed             mbedtls                                    >= 0 < 2.28.7-1                      2.28.7-1
mbed             mbedtls                                    >= 0 < 2.28.7-1                      2.28.7-1
mbed             mbedtls                                    >= 0 < 2.8.0-1ubuntu0.1~esm1         2.8.0-1ubuntu0.1~esm1
mbed             mbedtls                                    >= 0 < 2.16.4-1ubuntu2+esm1          2.16.4-1ubuntu2+esm1
mbed             mbedtls                                    >= 0 < 2.28.0-1ubuntu0.1~esm1        2.28.0-1ubuntu0.1~esm1
mbed             mbedtls                                    >= 0 < 2.28.8-1ubuntu0.1~esm1        2.28.8-1ubuntu0.1~esm1
msrc             azl3_qemu_8.2.0-16_on_azure_linux_3.0
msrc             cbl2_hvloader_1.0.1-5_on_cbl_mariner_2.0
msrc             cbl2_hvloader_1.0.1-6_on_cbl_mariner_2.0
msrc             cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0
msrc             cbl_mariner_2.0_arm
msrc             cbl_mariner_2.0_x64
trustedfirmware  mbed_tls                                   >= 3.0.0 < 3.5.2                     3.5.2
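
A check of a build's Mbed TLS version against the two upstream ranges in the table (2.0.0 <= v < 2.28.7 and 3.0.0 <= v < 3.5.2), added here as an example and not part of the page. It accepts plain MAJOR.MINOR.PATCH strings only; distro-suffixed versions such as 2.28.7-1 or 2.28.0-1ubuntu0.1~esm1 follow the distribution's own comparison rules and are reported as unparsable rather than guessed at. In a real build the string would come from MBEDTLS_VERSION_STRING or mbedtls_version_get_string(); the constructed strings below replace that so the example runs without linking the library. Type and function names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example's own type, not an Mbed TLS one. */
typedef struct { long major, minor, patch; } semver;

/* Parse "MAJOR.MINOR.PATCH" exactly; distro suffixes, missing
 * components, signs or stray text are rejected with -1. */
int parse_version(const char *s, semver *v)
{
    long parts[3];
    for (int i = 0; i < 3; i++) {
        char *end;
        if (*s < '0' || *s > '9') {
            return -1;                 /* each component must start with a digit */
        }
        parts[i] = strtol(s, &end, 10);
        if (i < 2) {
            if (*end != '.') {
                return -1;
            }
            s = end + 1;
        } else if (*end != '\0') {
            return -1;                 /* trailing "-1", "+esm1" etc. */
        }
    }
    v->major = parts[0];
    v->minor = parts[1];
    v->patch = parts[2];
    return 0;
}

static int cmp_version(const semver *a, const semver *b)
{
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->patch != b->patch) return a->patch < b->patch ? -1 : 1;
    return 0;
}

/* Half-open range [lo, hi), matching the ">= lo < hi" rows of the table. */
static int in_range(const semver *v, const semver *lo, const semver *hi)
{
    return cmp_version(v, lo) >= 0 && cmp_version(v, hi) < 0;
}

/* 1 = affected, 0 = not affected, -1 = version string not parsable. */
int affected_by_cve_2024_23775(const char *version)
{
    static const semver ranges[][2] = {
        { { 2, 0, 0 }, { 2, 28, 7 } },  /* arm/mbed_tls row: fixed in 2.28.7 */
        { { 3, 0, 0 }, { 3, 5, 2 } },   /* trustedfirmware/mbed_tls row: fixed in 3.5.2 */
    };
    semver v;
    if (parse_version(version, &v) != 0) {
        return -1;
    }
    for (size_t i = 0; i < sizeof ranges / sizeof ranges[0]; i++) {
        if (in_range(&v, &ranges[i][0], &ranges[i][1])) {
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not values read from any system. */
    const char *samples[] = { "2.28.6", "2.28.7", "3.5.1", "3.5.2", "3.6.0", "2.28.7-1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-10s -> %d\n", samples[i], affected_by_cve_2024_23775(samples[i]));
    }
    return 0;
}
```

Returning -1 for anything that is not a bare upstream version is deliberate: silently treating "2.28.7-1" as 2.28.7 would mark a Debian package as fixed when only the distribution's changelog can say whether the patch was backported.
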

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv                     9.8    CRITICAL
vendor_ubuntu           9.8    CRITICAL
vendor_debian           7.5    HIGH
vendor_msrc             7.5    HIGH

The sources disagree: OSV and Ubuntu score this 9.8 (CRITICAL), while NVD, Debian and MSRC score it 7.5 (HIGH); the NVD vector records an availability-only impact (C:N/I:N/A:H), which matches the denial-of-service description above.