Security Advisory

CVE-2024-5814

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-27 18:38:08

Last updated 2024-08-27 19:21:04

Assigner wolfSSL

State PUBLISHED

Description

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500

← Browse all CVEs View on cve.org ↗