CVE-2024-23775: Integer Overflow or Wraparound in ARM Mbed TLS

Severity: 7.5 HIGH (NVD); 9.8 (OSV)
EPSS: 0.4% (top 39.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jan 31; Latest update Mar 25

Description

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Source   Package        Affected versions
NVD      arm/mbed_tls   2.0.0 to 2.28.7 (+1 more)
Debian   mbed/mbedtls   < 2.28.7-1 (+1 more)
Ubuntu   mbed/mbedtls   < 2.8.0-1ubuntu0.1~esm1 (+3 more)

Vulnerability Details (4)

OSV: mbedtls vulnerabilities (2026-03-25)
GHSA: GHSA-fgff-579x-65fj: Integer Overflow vulnerability in Mbed TLS 2 (2024-01-31)
OSV: CVE-2024-23775: Integer Overflow vulnerability in Mbed TLS 2 (2024-01-31)
CVEList: CVE-2024-23775: Integer Overflow vulnerability in Mbed TLS 2 (2024-01-31)

Vendor Advisories (3)

Ubuntu: Mbed TLS vulnerabilities (2026-03-25)
Microsoft: Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). (2024-01-09)
Debian: CVE-2024-23775: mbedtls - Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.... (2024)