Mbed TLS TLS Version Mishandling Vulnerability

CVE-2023-52353 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
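The behaviour described above can be reproduced in a small model. This is an added example, not Mbed TLS source: the struct and function names are hypothetical, and the single shared version field is an assumption about the mechanism, used to show why a reset must restore the ceiling from the configuration.

```c
#include <stdio.h>

/* Simplified model, NOT Mbed TLS code. All names below are hypothetical. */
enum tls_ver { TLS_1_2 = 0x0303, TLS_1_3 = 0x0304 };

struct conf { enum tls_ver min_ver, max_ver; };   /* long-lived configuration */
struct ctx {                                      /* context reused across connections */
    const struct conf *conf;
    enum tls_ver version;  /* assumed: ceiling before handshake, negotiated value after */
};

void ctx_setup(struct ctx *c, const struct conf *conf) {
    c->conf = conf;
    c->version = conf->max_ver;
}

/* Pick the highest version both sides support; return it, or 0 on failure. */
int handshake(struct ctx *c, enum tls_ver peer_max) {
    enum tls_ver offered = c->version;            /* ceiling read from the shared field */
    enum tls_ver v = offered < peer_max ? offered : peer_max;
    if (v < c->conf->min_ver)
        return 0;
    c->version = v;                               /* same field now holds the result */
    return (int)v;
}

/* Flawed reset: other session state would be cleared, the version field is kept. */
void reset_flawed(struct ctx *c) { (void)c; }

/* Corrected reset: the ceiling is restored from the configuration. */
void reset_fixed(struct ctx *c) { c->version = c->conf->max_ver; }

/* First connection to a TLS 1.2-only peer, reset, then a TLS 1.3-capable peer. */
int second_connection_version(void (*reset)(struct ctx *)) {
    struct conf conf = { TLS_1_2, TLS_1_3 };
    struct ctx c;
    ctx_setup(&c, &conf);
    handshake(&c, TLS_1_2);
    reset(&c);
    return handshake(&c, TLS_1_3);
}

int main(void) {
    printf("flawed reset: 0x%04x\n", second_connection_version(reset_flawed));
    printf("fixed reset:  0x%04x\n", second_connection_version(reset_fixed));
    return 0;
}
```

In the model, the reused context stays at TLS 1.2 after the flawed reset even though both the configuration and the second peer allow TLS 1.3.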
