216.73.216.133

CVE-2024-5814

· Published 27/08/2024 19:15 · Modified 28/08/2024 12:57

Labels: CVE-2024-5814 2024-08-27CVE-2024-5814CWE-284[email protected]

Essential information

Published
27/08/2024 19:15
Modified
28/08/2024 12:57
Author
Creator
CISA KEV
No
CWE

Description

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References