Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mbed TLS 安全漏洞
Vulnerability Description
Mbed TLS是一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 3.6.0 之前版本存在安全漏洞,该漏洞源于允许攻击者阻止 Mbed TLS 服务器建立任何 TLS 1.3 连接,可能导致拒绝服务或强制版本从 TLS 1.3 降级到 TLS 1.2。
CVSS Information
N/A
Vulnerability Type
N/A