Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. (CVE-2023-43615)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43615 advisory.

  - Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. (CVE-2023-43615)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202409-14 (Mbed TLS: Multiple Vulnerabilities)

    Multiple vulnerabilities have been discovered in Mbed TLS. Please review the CVE identifiers referenced     below for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0352951853 advisory.

    - Update to 2.28.5
    - CVE-2023-43615

    Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

    Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-     advisory-2023-10-1/

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e0ab860391 advisory.

    - Update to 2.28.5
    - CVE-2023-43615

    Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

    Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-     advisory-2023-10-1/

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5c6521d81d advisory.

    - Update to 2.28.5
    - CVE-2023-43615

    Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

    Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-     advisory-2023-10-1/

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
244168	Linux Distros Unpatched Vulnerability : CVE-2023-43615	Nessus	Misc.	high
211936	CBL Mariner 2.0 Security Update: hvloader (CVE-2023-43615)	Nessus	MarinerOS Local Security Checks	high
207565	GLSA-202409-14 : Mbed TLS: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
185242	Fedora 39 : mbedtls (2023-0352951853)	Nessus	Fedora Local Security Checks	high
183907	Fedora 37 : mbedtls (2023-e0ab860391)	Nessus	Fedora Local Security Checks	high
182996	Fedora 38 : mbedtls (2023-5c6521d81d)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2023-43615

high

Tenable Plugins

high

high

critical

high

high

high