CVE-2024-30166Stack-based Buffer Overflow in ARM Mbed TLS

CWE-121Stack-based Buffer Overflow6 documents6 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 42.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ARM Mbed TLS
Timeline
PublishedApr 3
Latest updateNov 12

Description

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDarm/mbed_tls3.3.03.6.0

🔴Vulnerability Details

3
OSV
CVE-2024-30166: In Mbed TLS 32024-04-03
CVEList
CVE-2024-30166: In Mbed TLS 32024-04-03
GHSA
GHSA-jqcx-vw98-5q84: In Mbed TLS 32024-04-03

📋Vendor Advisories

2
Microsoft
CVE-2024-30166: NIST NVD Details: https://nvd2024-11-12
Debian
CVE-2024-30166: mbedtls - In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause infor...2024
CVE-2024-30166 — Stack-based Buffer Overflow in ARM | cvebase