CVE-2023-24609

Published: Dec 22, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB (in RAM). With a large number of crafted TLS messages, the CPU becomes heavily loaded. This occurs in tls13VerifyBinder and tls13TranscriptHashUpdate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842

https://www.rambus.com/security/software-protocols/tls-toolkit/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24609

Description

Affected Products

References