CVE-2024-5814

Name of the Vulnerable Software and Affected Versions WolfSSL (affected versions not specified)

Description A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. The issue is related to the implementation of the TLS protocol in the WolfSSL library, which is associated with access control deficiencies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.