Last Modified on: 08/30/2022 02:58:00 PM UTC
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes while the server parses the ClientHello for DTLS cookie verification. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. Both conditions are non-default: MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE is disabled in the stock configuration and MBEDTLS_SSL_IN_CONTENT_LEN defaults to 16384, so the bug is reachable only in builds that enable server-side client port reuse and also shrink the incoming record buffer, as is common on constrained devices. Affected builds should update to 2.28.1 (the 2.28 LTS branch) or 3.2.0; as a stop-gap, disabling MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE or raising MBEDTLS_SSL_IN_CONTENT_LEN above the applicable threshold takes the build out of the affected configuration.
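To make the bug class concrete, here is an added illustrative example (it is not Mbed TLS's code and does not reproduce its actual parser): a bounds-checked parser for the variable-length session_id and cookie fields at the start of a DTLS ClientHello body, beside a function that computes how far past the received data a parser that trusted the one-byte length fields would read. The message layout follows the DTLS 1.2 ClientHello (client_version, 32-byte random, length-prefixed session_id, length-prefixed cookie); the two sample messages are constructed for the example, and the names parse_dtls_client_hello, unchecked_overread and the 35-byte fixed prefix are assumptions of the example, not Mbed TLS identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Mbed TLS code. Parses the start of a DTLS ClientHello body
 * (the bytes after the DTLS handshake header): client_version(2), random(32),
 * session_id<0..32> and cookie<0..255>, each prefixed by a one-byte length. */
typedef struct {
    uint16_t version;
    const uint8_t *random;          /* 32 bytes */
    const uint8_t *session_id;
    size_t session_id_len;
    const uint8_t *cookie;
    size_t cookie_len;
} client_hello_t;

#define FIXED_PREFIX_LEN 35         /* version(2) + random(32) + session_id_len(1) */

/* Bounds-checked parser: every variable-length field is checked against the
 * bytes actually received (len), never against a configured buffer size.
 * Returns 0 on success, -1 if the message is truncated or malformed. */
int parse_dtls_client_hello(const uint8_t *buf, size_t len, client_hello_t *out)
{
    size_t pos;

    if (buf == NULL || out == NULL || len < FIXED_PREFIX_LEN)
        return -1;

    out->version = (uint16_t)((buf[0] << 8) | buf[1]);
    out->random = buf + 2;
    out->session_id_len = buf[34];
    pos = FIXED_PREFIX_LEN;

    if (out->session_id_len > 32 || len - pos < out->session_id_len)
        return -1;                  /* session_id would run past the received data */
    out->session_id = buf + pos;
    pos += out->session_id_len;

    if (len - pos < 1)
        return -1;                  /* the cookie_len byte itself is missing */
    out->cookie_len = buf[pos++];

    if (len - pos < out->cookie_len)
        return -1;                  /* cookie would run past the received data */
    out->cookie = buf + pos;
    return 0;
}

/* Models the bug class without performing the bad access: returns how many
 * bytes beyond len a parser that trusts the two length bytes (and only checks
 * the fixed prefix) would read. 0 means the message is self-consistent. */
size_t unchecked_overread(const uint8_t *buf, size_t len)
{
    size_t pos, end;

    if (len < FIXED_PREFIX_LEN)
        return 0;                   /* rejected by the fixed-prefix check */
    pos = FIXED_PREFIX_LEN + buf[34];   /* where cookie_len would be read from */
    if (pos >= len)
        return pos + 1 - len;       /* even the cookie_len byte is out of bounds */
    end = pos + 1 + buf[pos];       /* end of the cookie as claimed by the peer */
    return end > len ? end - len : 0;
}

/* Constructed sample: well-formed DTLS 1.2 ClientHello prefix with an 8-byte cookie. */
const uint8_t GOOD_HELLO[] = {
    0xfe, 0xfd,                                     /* client_version: DTLS 1.2 */
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* random: 32 constructed bytes */
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    0x00,                                           /* session_id_len = 0 */
    0x08,                                           /* cookie_len = 8 */
    0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0xf0, 0x0d, /* cookie */
    0x00, 0x02, 0xc0, 0x2b,                         /* cipher_suites: one suite */
    0x01, 0x00                                      /* compression_methods: null */
};
const size_t GOOD_HELLO_LEN = sizeof(GOOD_HELLO);

/* Constructed sample: the same prefix, but the data ends right after a
 * cookie_len byte of 0xff, the largest value a one-byte length can claim. */
const uint8_t BAD_HELLO[] = {
    0xfe, 0xfd,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    0x00,                                           /* session_id_len = 0 */
    0xff                                            /* cookie_len = 255, nothing follows */
};
const size_t BAD_HELLO_LEN = sizeof(BAD_HELLO);

int main(void)
{
    client_hello_t h;
    printf("good: parse=%d overread=%zu\n",
           parse_dtls_client_hello(GOOD_HELLO, GOOD_HELLO_LEN, &h),
           unchecked_overread(GOOD_HELLO, GOOD_HELLO_LEN));
    printf("bad:  parse=%d overread=%zu\n",
           parse_dtls_client_hello(BAD_HELLO, BAD_HELLO_LEN, &h),
           unchecked_overread(BAD_HELLO, BAD_HELLO_LEN));
    return 0;
}
```

For BAD_HELLO the checked parser rejects the message, while the model reports a 255-byte over-read: the maximum a single one-byte length field can claim, which is the same figure the advisory gives. The practical takeaway for a port-reuse DTLS server with a small MBEDTLS_SSL_IN_CONTENT_LEN is that a peer-supplied length must be compared with the bytes actually received, not with the size of the buffer they were read into.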
- CVE-2022-35409 has been assigned to track the vulnerability; it is currently rated CRITICAL severity.
CVSS3 Score: 9.1 - CRITICAL (network-reachable, no authentication or user interaction, high confidentiality and availability impact, no integrity impact; this matches the unauthenticated over-read, crash and possible disclosure described above)
- Releases · Mbed-TLS/mbedtls · GitHub (github.com)
- Buffer overread in DTLS ClientHello parsing — Mbed TLS documentation (mbed-tls.readthedocs.io)
Related QID Numbers
- 502428 Alpine Linux Security Update for mbedtls
- @CVEreport (2022-07-15 14:04:31): CVE-2022-35409 : An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an… twitter.com/i/web/status/1…
- @threatmeter (2022-07-16 07:09:36): CVE-2022-35409 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an u… twitter.com/i/web/status/1…
- @ColorTokensInc (2022-07-16 07:09:42): Emerging Vulnerability Found CVE-2022-35409 - An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.… twitter.com/i/web/status/1…
- @threatmeter (2022-07-17 07:50:23): CVE-2022-35409 | mbed TLS up to 2.28.1/3.1.x ClientHello Message heap-based overflow A vulnerability was found in m… twitter.com/i/web/status/1…