CVE-2024-5814

Aug. 28, 2024, 12:57 p.m.

Product(s) Impacted

wolfSSL

Description

A malicious TLS 1.2 server can force a TLS 1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because the client, aside from the extensions, skipped fully parsing the ServerHello. https://doi.org/10.46586/tches.v2024.i1.457-500

Weaknesses

CWE-284
Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE ID: 284

Date

Published: Aug. 27, 2024, 7:15 p.m.

Last Modified: Aug. 28, 2024, 12:57 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

facts@wolfssl.com

References

https://github.com/ facts@wolfssl.com