CVE-2022-35409

Gentoo Linux Security Advisory 202301-08

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

Se ha descubierto un problema en Mbed TLS antes de la versión 2.28.1 y 3.x antes de la 3.2.0. En algunas configuraciones, un atacante no autenticado puede enviar un mensaje ClientHello no válido a un servidor DTLS que provoca una sobrelectura del búfer basada en el montón de hasta 255 bytes. Esto puede causar una caída del servidor o posiblemente la divulgación de información basada en las respuestas de error. Las configuraciones afectadas tienen MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE habilitado y MBEDTLS_SSL_IN_CONTENT_LEN menos que un umbral que depende de la configuración: 258 bytes si se utiliza mbedtls_ssl_cookie_check, y posiblemente hasta 571 bytes con una función de comprobación de cookies personalizada

Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-08 CVE Reserved
2022-07-15 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (3)

URL	Tag	Source
https://github.com/Mbed-TLS/mbedtls/releases	Release Notes
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html	Mailing List

URL	Date	SRC
https://mbed-tls.readthedocs.io/en/latest/security-advisories/advisories/mbedtls-security-advisory-2022-07.html	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				< 2.28.1 Search vendor "Arm" for product "Mbed Tls" and version " < 2.28.1"		-		Affected
Arm Search vendor "Arm"		Mbed Tls Search vendor "Arm" for product "Mbed Tls"				>= 3.0.0 < 3.2.0 Search vendor "Arm" for product "Mbed Tls" and version " >= 3.0.0 < 3.2.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected