Search for vulnerabilities
Vulnerability details: VCID-nhkf-eraa-aaaa
Vulnerability ID VCID-nhkf-eraa-aaaa
Aliases CVE-2024-23775
Summary Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
epss 0.02009 https://api.first.org/data/v1/epss?cve=CVE-2024-23775
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
cvssv3.1 7.5 https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
ssvc Track https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-23775
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-23775
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-23775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
CVE-2024-23775 https://nvd.nist.gov/vuln/detail/CVE-2024-23775
GLSA-202409-14 https://security.gentoo.org/glsa/202409-14
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/ Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23775
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23775
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22280
EPSS Score 0.00053
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-27T03:57:20.700730+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/main.json 34.0.0rc2