Improperly Implemented Security Check for Standard Affecting mbedtls package, versions [,3.6.0)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.47% (37th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-MBEDTLS-10077655
  • published8 May 2025
  • disclosed21 Jan 2024
  • credithey3e

Introduced: 21 Jan 2024

CVE-2023-52353  (opens in a new tab)
CWE-358  (opens in a new tab)

How to fix?

Upgrade mbedtls to version 3.6.0 or higher.

Overview

Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper handling of the maximum negotiable TLS version in the mbedtls_ssl_session_reset function. An attacker can downgrade subsequent TLS connections by initiating a connection that negotiates a lower TLS version than the server supports.

CVSS Base Scores

version 3.1