Lucene search
HistoryAug 27, 2024 - 7:15 p.m.
CVE-2024-5814
tls downgrade attack
tls1.2
tls1.3
ciphersuite
server helloparsing
EPSS
0
Percentile
9.5%
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500
Related
cvelist
cvelist
CVE-2024-5814 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
2024-08-27 18:38:08
osv
osv
CVE-2024-5814
2024-08-27 19:15:17
vulnrichment
vulnrichment
CVE-2024-5814 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
2024-08-27 18:38:08
ubuntucve
ubuntucve
CVE-2024-5814
2024-08-27 00:00:00
cve
cve
CVE-2024-5814
2024-08-27 19:15:17
debiancve
debiancve
CVE-2024-5814
2024-08-27 19:15:17
alpinelinux
alpinelinux
CVE-2024-5814
2024-08-27 19:15:17
freebsd
freebsd
netatalk3 -- multiple WolfSSL vulnerabilities
2024-09-08 00:00:00
slackware
slackware
[slackware-security] netatalk
2024-09-09 17:33:03
openvas
openvas
Slackware: Security Advisory (SSA:2024-253-01)
2024-09-10 00:00:00
nessus
nessus