CVE-2022-35409Out-of-bounds Read in ARM Mbed TLS

CWE-125Out-of-bounds Read6 documents6 sources
Severity
9.1CRITICALNVD
EPSS
1.7%
top 17.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mbed MbedtlsARM Mbed TLSDebian Linux
Timeline
PublishedJul 15
Latest updateJul 16

Description

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 by

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDarm/mbed_tls3.0.03.2.0+1
Debianmbed/mbedtls< 2.28.1-1+2

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
GHSA
GHSA-m52q-qpp4-f753: An issue was discovered in Mbed TLS before 22022-07-16
CVEList
CVE-2022-35409: An issue was discovered in Mbed TLS before 22022-07-15
OSV
CVE-2022-35409: An issue was discovered in Mbed TLS before 22022-07-15

📋Vendor Advisories

2
Microsoft
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-2022-07-12
Debian
CVE-2022-35409: mbedtls - An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some ...2022
CVE-2022-35409 — Out-of-bounds Read in ARM Mbed TLS | cvebase