An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/Mbed-TLS/mbedtls/issues/8654 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-21T00:00:00
Updated: 2024-08-02T22:55:41.778Z
Reserved: 2024-01-21T00:00:00
Link: CVE-2023-52353
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-21T23:15:44.220
Modified: 2024-11-21T08:39:37.730
Link: CVE-2023-52353
Redhat
No data.