CVE-2024-5814
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-5814
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5814.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-5814
- Related
- Published
- 2024-08-27T19:15:17Z
- Modified
- 2024-09-25T06:01:49.834148Z
- Summary
- [none]
- Details
-
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500
- References
Affected packages
Debian:11 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.6.0-3
4.6.0+p1-0+deb11u1
4.6.0+p1-0+deb11u2
5.*
5.0.0-1~bpo11+1
5.0.0-1
5.1.1-1~bpo11+1
5.1.1-1
5.2.0-1
5.2.0-2~bpo11+1
5.2.0-2
5.5.3-1
5.5.3-2
5.5.3-3~bpo11+1
5.5.3-3
5.5.4-1
5.5.4-2~bpo11+1
5.5.4-2
5.5.4-2.1
5.6.4-1
5.6.4-2
5.6.6-1
5.6.6-1.1
5.6.6-1.2
5.6.6-1.3~exp1
5.6.6-1.3
5.7.0-0.1
5.7.0-0.2
5.7.0-0.3
5.7.2-0.1
Debian:12 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / wolfssl
Package
- Name
- wolfssl
- Purl
- pkg:deb/debian/wolfssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.7.2-0.1