Vulnerability Database

296,747

Total vulnerabilities in the database

CVE-2024-30166

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

Published: Apr 3, 2024
Updated: Apr 4, 2024
CVE: CVE-2024-30166
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arm / mbed_tls	3.3.0	3.6.0

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo