CVE-2024-30166
9.1 CRITICALIn Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a sta...
Published: 2024-04-03 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- CWE
- CWE-121
Affected products
| Vendor | Product |
|---|---|
| trustedfirmware | mbed_tls |
Description
In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2024-30166
- [Other]https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
- [Vendor advisory]https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
- [Other]https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
- [Vendor advisory]https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
Related CVEs
Same vendor
- CVE-2026-45702 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.4 MEDIUM)
- CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)
- CVE-2026-40290 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.8 HIGH)
- CVE-2026-33662 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.5 HIGH)
- CVE-2026-33317 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (8.7 HIGH)
Same CWE
- CVE-2026-12200 — A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32 (7.3 HIGH)
- CVE-2025-7019 — Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivir... (5.5 MEDIUM)
- CVE-2026-49760 — Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow
- CVE-2026-49759 — Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by...
- CVE-2026-26241 — A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)