CVE Vulnerabilities

CVE-2024-23744

Published: Jan 21, 2024 | Modified: Feb 07, 2024

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

MEDIUM

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-23744
CWE	https://cwe.mitre.org/data/definitions/.html

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

Affected Software

Name	Vendor	Start Version	End Version
Mbed_tls	Arm	3.4.0 (excluding)	3.5.1 (including)
Mbedtls	Ubuntu	bionic	*
Mbedtls	Ubuntu	lunar	*
Mbedtls	Ubuntu	mantic	*
Mbedtls	Ubuntu	xenial	*

References

https://github.com/Mbed-TLS/mbedtls/issues/8694

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.