CVE-2022-46393
Gentoo Linux Security Advisory 202409-14
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
Se descubrió un problema en Mbed TLS anterior a 2.28.2 y 3.x anterior a 3.3.0. Existe un posible desbordamiento de búfer de almacenamiento dinámico y una sobrelectura de búfer de almacenamiento dinámico en DTLS si MBEDTLS_SSL_DTLS_CONNECTION_ID está habilitado y MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service. Versions greater than or equal to 2.28.7 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-12-04 CVE Reserved
- 2022-12-15 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 | Release Notes | |
| https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arm Search vendor "Arm" | Mbed Tls Search vendor "Arm" for product "Mbed Tls" | < 2.28.2 Search vendor "Arm" for product "Mbed Tls" and version " < 2.28.2" | - |
Affected
| ||||||
| Arm Search vendor "Arm" | Mbed Tls Search vendor "Arm" for product "Mbed Tls" | >= 3.0.0 < 3.3.0 Search vendor "Arm" for product "Mbed Tls" and version " >= 3.0.0 < 3.3.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||