Upstream information

CVE-2022-35409 at MITRE

Description

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 9.1
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1201581 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP3
  • libmbedcrypto3 >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-32bit >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-64bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12 >= 2.16.9-bp153.2.8.1
  • libmbedtls12-32bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12-64bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0 >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-32bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-64bit >= 2.16.9-bp153.2.8.1
  • mbedtls-devel >= 2.16.9-bp153.2.8.1
Patchnames:
openSUSE-2022-10247
openSUSE Leap 15.3
  • libmbedcrypto3 >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-32bit >= 2.16.9-bp153.2.8.1
  • libmbedcrypto3-64bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12 >= 2.16.9-bp153.2.8.1
  • libmbedtls12-32bit >= 2.16.9-bp153.2.8.1
  • libmbedtls12-64bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0 >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-32bit >= 2.16.9-bp153.2.8.1
  • libmbedx509-0-64bit >= 2.16.9-bp153.2.8.1
  • mbedtls-devel >= 2.16.9-bp153.2.8.1
Patchnames:
openSUSE-2022-10247
openSUSE Tumbleweed
  • libmbedcrypto7 >= 2.28.1-1.1
  • libmbedcrypto7-32bit >= 2.28.1-1.1
  • libmbedtls14 >= 2.28.1-1.1
  • libmbedtls14-32bit >= 2.28.1-1.1
  • libmbedx509-1 >= 2.28.1-1.1
  • libmbedx509-1-32bit >= 2.28.1-1.1
  • mbedtls-devel >= 2.28.1-1.1
Patchnames:
openSUSE-Tumbleweed-2024-12478


SUSE Timeline for this CVE

CVE page created: Fri Jul 15 18:11:21 2022
CVE page last modified: Tue Sep 3 19:26:12 2024