CVE-2024-11738

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 248

Summary

CVE-2024-11738 is a newly identified vulnerability affecting Rustls 0.23.13 and related APIs. It permits a denial-of-service attack through a fragmented TLS ClientHello message: an attacker sends incomplete TLS ClientHello messages to the targeted system, causing it to panic and become unresponsive. The cause lies in the Rustls library's handling of fragmented ClientHello messages. The issue poses a significant risk for systems using Rustls and related APIs, and system administrators are advised to update their Rustls installation to a fixed version as soon as possible.
