JLSEC-2025-224

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-224.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-224.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2025-224

Upstream

CVE-2024-23775

Published

2025-11-21T15:59:04.054Z

Modified

2025-11-21T16:18:03.073593Z

Summary

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers ...

Details

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtlsx509set_extension().

Database specific

{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "published": "2024-01-31T08:15:42.267Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-23775",
            "modified": "2025-11-04T19:16:54.560Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23775",
            "id": "CVE-2024-23775",
            "imported": "2025-11-20T23:04:02.692Z"
        }
    ]
}

References

Affected packages

Julia / MbedTLS_jll

Package

Name: MbedTLS_jll
Purl: pkg:julia/MbedTLS_jll?uuid=c8ffd9c3-330d-5841-b78e-0817d7145fa1

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.28.10+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-224.json"