PT-2023-5882 · Mbed Tls+3

Published: 2023-10-05 · Updated: 2025-08-21 · CVE-2023-43615

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mbed TLS versions 2.x before 2.28.5
Mbed TLS versions 3.x before 3.5.0

Description

The issue is related to errors in handling encryption in (D)TLS connections, specifically when using zero encryption or RC4 cipher. This can allow a remote attacker to execute arbitrary code. The issue is a buffer overflow.

Recommendations

For Mbed TLS versions 2.x before 2.28.5, update to version 2.28.5 or later.
For Mbed TLS versions 3.x before 3.5.0, update to version 3.5.0 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15509
ALT-PU-2025-10462
BDU:2023-06575
CVE-2023-43615

Affected Products

Alt Linux
Debian
Mbed Tls
Red Os