CVE-2023-52353 Information

Description

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset the maximum negotiable TLS version is mishandled. For example if the last connection negotiated TLS 1.2 then 1.2 becomes the new maximum.

Reference

https://github.com/Mbed-TLS/mbedtls/issues/8654