CVE-2022-35409

Published: 7/15/2022 Last updated: 8/3/2024 Reserved: 7/8/2022

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-mbedtls

Products affected (1)

Product	Vendor	Version
n/a	n/a	< V2.2

References (6)

https://github.com/Mbed-TLS/mbedtls/releases
https://mbed-tls.readthedocs.io/en/latest/security-advisories/advisories/mbedtls-security-advisory-2022-07.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://github.com/Mbed-TLS/mbedtls/releases
https://mbed-tls.readthedocs.io/en/latest/security-advisories/advisories/mbedtls-security-advisory-2022-07.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html