Upstream information

CVE-2022-35409 at MITRE

Description

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v3 Scores

Source: National Vulnerability Database
Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: High
CVSSv3 Version: 3.1
SUSE Bugzilla entry: 1201581 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References (patchnames)
SUSE Package Hub 15 SP3
  • libmbedcrypto3 >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-32bit >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-64bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12 >= 2.16.9-bp153.2.8.1
  • libmbedtls12-32bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12-64bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0 >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-32bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-64bit >= 2.16.9-bp153.2.8.1
  • mbedtls-devel >= 2.16.9-bp153.2.8.1
Patchnames:
openSUSE-2022-10247
openSUSE Leap 15.3
  • libmbedcrypto3 >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-32bit >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-64bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12 >= 2.16.9-bp153.2.8.1
  • libmbedtls12-32bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12-64bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0 >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-32bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-64bit >= 2.16.9-bp153.2.8.1
  • mbedtls-devel >= 2.16.9-bp153.2.8.1
Patchnames:
openSUSE-2022-10247
openSUSE Tumbleweed
  • libmbedcrypto7 >= 2.28.1-1.1
  • libmbedcrypto7-32bit >= 2.28.1-1.1
  • libmbedtls14 >= 2.28.1-1.1
  • libmbedtls14-32bit >= 2.28.1-1.1
  • libmbedx509-1 >= 2.28.1-1.1
  • libmbedx509-1-32bit >= 2.28.1-1.1
  • mbedtls-devel >= 2.28.1-1.1
Patchnames:
openSUSE Tumbleweed GA libmbedcrypto7-2.28.1-1.1
SUSE Timeline for this CVE

CVE page created: Fri Jul 15 18:11:21 2022
CVE page last modified: Tue May 23 18:24:41 2023