Heap-based Buffer Over-read in Mbed TLS Affects Multiple Versions
CVE-2022-35409

9.1CRITICAL

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 15 July 2022

Summary

An issue exists in Mbed TLS versions prior to 2.28.1 and 3.x before 3.2.0, where certain configurations leave DTLS servers vulnerable to an unauthenticated attack. An attacker can send an invalid ClientHello message that may cause a heap-based buffer over-read of up to 255 bytes. This vulnerability potentially leads to server crashes or information leaks based on the nature of the error responses. The specific configurations that are at risk include those with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN set below a threshold, which may vary from 258 bytes (with mbedtls_ssl_cookie_check) to as high as 571 bytes (with custom cookie check functions).

References

https://github.com/Mbed-TLS/mbedtls/releases

https://mbed-tls.readthedocs.io/en/latest/security-adviso...

https://lists.debian.org/debian-lts-announce/2022/12/msg0...

mailing-list

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2022
Vulnerability Reserved
Jul 8, 2022