CVE-2024-28836
CVE-2024-28836 affects Mbed TLS 3.5.x before 3.6.0. During server-side TLS version negotiation, the implementation can fall back to TLS 1.2 if TLS 1.2 is disabled. If TLS 1.2 was disabled at build time, a TLS 1.2 client could cause a denial of service by looping on a TLS 1.2 ClientHello for a TLS...