CVE-2022-35409

2022-07-1514:15:09

Debian Security Bug Tracker

security-tracker.debian.org

mbed tls

dtls server

buffer over-read

server crash

information disclosure

unauthenticated attacker

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

48.7%

JSON

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

OSVersionArchitecturePackageVersionFilename
Debian12allmbedtls< 2.28.1-1mbedtls_2.28.1-1_all.deb
Debian11allmbedtls<= 2.16.9-0.1mbedtls_2.16.9-0.1_all.deb
Debian999allmbedtls< 2.28.1-1mbedtls_2.28.1-1_all.deb
Debian13allmbedtls< 2.28.1-1mbedtls_2.28.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mbedtls	< 2.28.1-1	mbedtls_2.28.1-1_all.deb
Debian	11	all	mbedtls	<= 2.16.9-0.1	mbedtls_2.16.9-0.1_all.deb
Debian	999	all	mbedtls	< 2.28.1-1	mbedtls_2.28.1-1_all.deb
Debian	13	all	mbedtls	< 2.28.1-1	mbedtls_2.28.1-1_all.deb