5 matches found
[SECURITY] [DLA 3249-1] mbedtls security update
Debian LTS Advisory DLA-3249-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 26, 2022 https://wiki.debian.org/LTS Package : mbedtls Version : 2.16.9-0deb10u1 CVE ID : CVE-2019-16910 CVE-2019-18222 CVE-2020-10932 CVE-2020-10941 CVE-2020-16150...
openSUSE 15 Security Update : mbedtls (openSUSE-SU-2022:10247-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10247-1 advisory. - An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an...
OPENSUSE-SU-2022:10247-1 Security update for mbedtls
This update for mbedtls fixes the following issues: - CVE-2022-35409: Fixed buffer overread in DTLS ClientHello parsing boo1201581...
ALPINE-CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...
CVE-2022-35409
Mbed TLS DTLS heap over-read CVE-2022-35409: unauthenticated clients can send a malformed ClientHello to a DTLS server with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN below a config-dependent threshold, causing a heap-based over-read of up to 255 bytes and possibly ...