CVE-2024-53379
Published: 23 January 2025
Summary
CVE-2024-53379 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 30.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-53379 is a heap buffer overflow vulnerability (CWE-120) in the server-side handshake implementation of Real Time Logic LLC's SharkSSL library, affecting versions starting from the commit 64808a5e12c83b38f85c943dee0112e428dc2a43 dated 05/05/24. The issue arises during processing of SSL/TLS handshakes and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for availability disruption.
A remote attacker can exploit this vulnerability by sending a malformed Client-Hello message to a vulnerable SharkSSL server, triggering the heap buffer overflow and causing a denial-of-service condition such as an application crash or service unavailability. Exploitation requires no authentication or user interaction, only network access to the affected service, so the flaw is reachable by unauthenticated attackers over the internet.
Mitigation details and additional analysis are available in the advisory published by Telekom at https://www.telekom.com/resource/blob/1086326/e6e800ec1e4e675ca0d8fdafab86ea8c/dl-250122-cve-2024-53379-data.pdf. The vulnerability was publicly disclosed on 2025-01-23.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51961
Vulnerability details
Heap buffer overflow in the server-side handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote, unauthenticated exploitation of a public-facing SSL/TLS server via a malformed handshake message leads to an application denial of service when the vulnerability is triggered: T1190 covers the initial exploitation of the public-facing application, and T1499.004 (Endpoint Denial of Service: Application or System Exploitation) covers the resulting endpoint/application DoS.
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely flaw remediation, directly addressing the heap buffer overflow by patching vulnerable SharkSSL versions to prevent exploitation via malformed Client-Hello messages.
SI-16 implements memory protection mechanisms such as heap hardening to prevent unauthorized code execution from heap buffer overflows triggered by malformed TLS handshake inputs.
SI-10 enforces validation of information inputs like TLS Client-Hello messages to reject malformed packets before they reach the vulnerable handshake processing code.
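The SI-10 point above, as an added example that is not SharkSSL's code and makes no claim about where its handshake parser actually fails: a hypothetical, bounds-checked parser for the fixed part of a TLS 1.2-style ClientHello record, where every attacker-supplied length byte (session_id, cipher_suites, compression_methods) is checked against both the fixed destination buffer and the bytes remaining in the record before anything is copied. The sample records in `demo_parse` are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct { uint8_t session_id[32]; size_t session_id_len, cipher_suite_count; } client_hello_t;

/* True if n more bytes exist at offset off; written so off+n cannot wrap. */
static int need(size_t off, size_t n, size_t len) { return n <= len && off <= len - n; }

/* Parses a TLS 1.2-style ClientHello record. Returns 0 on success, -1 when
 * the record is truncated or a length field claims bytes the record lacks. */
int parse_client_hello(const uint8_t *rec, size_t len, client_hello_t *out)
{
    size_t off = 5;
    memset(out, 0, sizeof *out);
    /* Record header type(1)=0x16 ver(2) len(2); length must match the buffer. */
    if (!need(0, 5, len) || rec[0] != 0x16 || ((size_t)rec[3] << 8 | rec[4]) != len - 5) return -1;
    /* Handshake header type(1)=0x01 len(3); body must fill the rest exactly. */
    if (!need(off, 4, len) || rec[off] != 0x01) return -1;
    size_t hs_len = (size_t)rec[off+1] << 16 | (size_t)rec[off+2] << 8 | rec[off+3];
    off += 4;
    if (hs_len != len - off || !need(off, 34, len)) return -1;   /* + version(2) random(32) */
    off += 34;
    /* session_id<0..32>: attacker-chosen length byte; check it against the
     * fixed destination buffer AND the remaining record before memcpy. */
    if (!need(off, 1, len)) return -1;
    size_t sid_len = rec[off++];
    if (sid_len > sizeof out->session_id || !need(off, sid_len, len)) return -1;
    memcpy(out->session_id, rec + off, sid_len);
    out->session_id_len = sid_len;
    off += sid_len;
    if (!need(off, 2, len)) return -1;                 /* cipher_suites<2..2^16-2> */
    size_t cs_len = (size_t)rec[off] << 8 | rec[off+1];
    off += 2;
    if (cs_len < 2 || cs_len % 2 || !need(off, cs_len, len)) return -1;
    out->cipher_suite_count = cs_len / 2;
    off += cs_len;
    if (!need(off, 1, len)) return -1;                 /* compression_methods<1..255> */
    size_t cm_len = rec[off++];
    return (cm_len < 1 || !need(off, cm_len, len)) ? -1 : 0;
}

/* Constructed sample: minimal valid ClientHello (one suite, null compression). With
 * bad_sid set, the session_id length byte becomes 0xFF: a parser that trusted it
 * would copy 255 bytes into a 32-byte buffer; this one rejects the record instead. */
int demo_parse(int bad_sid)
{
    uint8_t rec[50] = {0x16,0x03,0x03,0x00,0x2d, 0x01,0x00,0x00,0x29, 0x03,0x03}; /* random = 32 zero bytes */
    rec[43] = bad_sid ? 0xFF : 0x00;                                 /* session_id length */
    rec[44] = 0x00; rec[45] = 0x02; rec[46] = 0x00; rec[47] = 0x2f;  /* one cipher suite */
    rec[48] = 0x01; rec[49] = 0x00;                                  /* null compression */
    client_hello_t ch;
    return parse_client_hello(rec, sizeof rec, &ch);
}
```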