CVE-2024-28755 · EPSS p31.9%

trustedfirmware / mbed_tls

Description

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.

Scoring

CVSS: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.40% probability of exploitation · percentile 31.9% · 2026-06-18T12:00:27Z
Last modified: 2026-06-05

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2024-28836
CVE-2024-23744
CVE-2024-23775
CVE-2024-30166
CVE-2026-25834
CVE-2023-43615

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.