An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-21T00:00:00

Updated: 2024-08-02T22:55:41.778Z

Reserved: 2024-01-21T00:00:00

Link: CVE-2023-52353

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-21T23:15:44.220

Modified: 2024-11-21T08:39:37.730

Link: CVE-2023-52353

cve-icon Redhat

No data.