Cyber Resilience

CVE-2024-53379

High

Published: 23 January 2025

Published
23 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0058 69.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53379 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-53379 is a heap buffer overflow vulnerability (CWE-120) in the server-side handshake implementation of Real Time Logic LLC's SharkSSL library, affecting versions starting from the commit 64808a5e12c83b38f85c943dee0112e428dc2a43 dated 05/05/24. The issue arises during processing of SSL/TLS handshakes and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for availability disruption.

A remote attacker can exploit this vulnerability by sending a malformed Client-Hello message to a vulnerable SharkSSL server, triggering the heap buffer overflow and causing a denial-of-service condition, such as application crash or service unavailability. Exploitation requires no authentication or user interaction, only network access to the affected service, making it accessible to unauthenticated attackers over the internet.

Mitigation details and additional analysis are available in the advisory published by Telekom at https://www.telekom.com/resource/blob/1086326/e6e800ec1e4e675ca0d8fdafab86ea8c/dl-250122-cve-2024-53379-data.pdf. The vulnerability was publicly disclosed on 2025-01-23.

EU & UK References

Vulnerability details

Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated exploitation of public-facing SSL server via malformed handshake leads to application DoS through vulnerability trigger (T1190 for initial exploitation of public app; T1499.004 for resulting endpoint/application DoS via exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29361Shared CWE-120
CVE-2026-27942Shared CWE-120
CVE-2025-50646Shared CWE-120
CVE-2025-29363Shared CWE-120
CVE-2025-50652Shared CWE-120
CVE-2025-29362Shared CWE-120
CVE-2025-50673Shared CWE-120
CVE-2025-50649Shared CWE-120
CVE-2025-50665Shared CWE-120
CVE-2025-29359Shared CWE-120

Affected Assets

SharkSSL
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely flaw remediation, directly addressing the heap buffer overflow by patching vulnerable SharkSSL versions to prevent exploitation via malformed Client-Hello messages.

prevent

SI-16 implements memory protection mechanisms such as heap hardening to prevent unauthorized code execution from heap buffer overflows triggered by malformed TLS handshake inputs.

prevent

SI-10 enforces validation of information inputs like TLS Client-Hello messages to reject malformed packets before they reach the vulnerable handshake processing code.

References