CVE-2022-35409
Published 2022-07-15
CVE-2022-35409: An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello…
Priority P351 · critical · 9.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 1.83% (76.2th percentile)
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_tls | < 2.28.1 | 2.28.1 |
| debian | debian_linux | — | — |
| debian | mbedtls | < mbedtls 2.28.1-1 (bookworm) | mbedtls 2.28.1-1 (bookworm) |
| mbed | mbedtls | >= 0 < 2.28.1-1 | 2.28.1-1 |
| mbed | mbedtls | >= 0 < 2.28.1-1 | 2.28.1-1 |
| mbed | mbedtls | >= 0 < 2.28.1-1 | 2.28.1-1 |
| msrc | azl3_qemu_8.2.0-16_on_azure_linux_3.0 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| trustedfirmware | mbed_tls | >= 3.0.0 < 3.2.0 | 3.2.0 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| osv | 9.1 | CRITICAL | — |
| vendor_debian | 9.1 | CRITICAL | — |
| vendor_msrc | 9.1 | CRITICAL | — |
Microsoft
vendor_msrc · 2022-07-12 · CVSS 9.1 CRITICAL · CWE-125
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who c
Debian
CVE-2022-35409: mbedtls - An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some ...
vendor_debian · 2022 · CVSS 9.1 CRITICAL
Scope: local
bookworm: resolved (fixed in 2.28.1-1)
bullseye: open
forky: resolved (fixed in 2.28.1-1)
sid: resolved (fixed in 2.28.1-1)
trixie: resolved (fixed in 2.28.1-1)
VulDB
mbed TLS up to 2.28.1/3.1.x ClientHello Message heap-based overflow
vuldb · 2026-06-06 · CVSS 9.1 CRITICAL
A vulnerability has been found in mbed TLS up to 2.28.1/3.1.x and classified as critical. Affected is an unknown function of the component ClientHello Message Handler. This manipulation causes a heap-based buffer overflow.
This vulnerability appears as CVE-2022-35409. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
GHSA
GHSA-m52q-qpp4-f753: An issue was discovered in Mbed TLS before 2
ghsa_unreviewed · 2022-07-16 · CRITICAL · CWE-125
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
OSV
CVE-2022-35409: An issue was discovered in Mbed TLS before 2
osv · 2022-07-15 · CVSS 9.1 CRITICAL
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/Mbed-TLS/mbedtls/releases
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/advisories/mbedtls-security-advisory-2022-07.html
Published: 2022-07-15