In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Configurations
No configuration.
History
01 Aug 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-295 |
15 Feb 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-15 23:15
Updated : 2024-08-01 13:44
NVD link : CVE-2023-40104
Mitre link : CVE-2023-40104
CVE.ORG link : CVE-2023-40104
JSON object : View
Products Affected
No product.
CWE
CWE-295
Improper Certificate Validation