Bugzilla – Bug 1201581
VUL-0: CVE-2022-35409: mbedtls: Buffer overread in DTLS ClientHello parsing
Last modified: 2022-12-22 17:20:07 UTC
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some
configurations, an unauthenticated attacker can send an invalid ClientHello
message to a DTLS server that causes a heap-based buffer over-read of up to 255
bytes. This can cause a server crash or possibly information disclosure based on
error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the
configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to
571 bytes with a custom cookie check function.
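The exposure window above is a configuration check, so a small audit script, added here as an example and not part of the Mbed TLS project, shows how to test a build's config header against it: the sample header is constructed, and the fallback of 16384 bytes for an undefined MBEDTLS_SSL_IN_CONTENT_LEN is an assumption (the stock default). It only tells you whether the exposed configuration is present; the version gate (before 2.28.2, or 3.x before 3.2.0) is a separate check.

```python
import re

# Thresholds quoted in the advisory text: 258 bytes when the server uses
# mbedtls_ssl_cookie_check, possibly up to 571 bytes with a custom cookie check.
THRESHOLD_BUILTIN_COOKIE = 258
THRESHOLD_CUSTOM_COOKIE = 571
ASSUMED_DEFAULT_IN_LEN = 16384  # assumption: stock default when left undefined

DEFINE_RE = re.compile(r'^\s*#\s*define\s+(\w+)(?:\s+(\S+))?')
UNDEF_RE = re.compile(r'^\s*#\s*undef\s+(\w+)')


def parse_config(text):
    """Return {macro: value_or_None} for macros that end up defined.
    Block and line comments are stripped first, so options the stock header
    ships commented out (/* #define ... */ or //#define ...) do not count."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    defined = {}
    for line in text.splitlines():
        line = line.split('//', 1)[0]
        m = DEFINE_RE.match(line)
        if m:
            defined[m.group(1)] = m.group(2)
            continue
        m = UNDEF_RE.match(line)
        if m:
            defined.pop(m.group(1), None)
    return defined


def assess(config_text, custom_cookie_check=False):
    """Return (affected, reason): True/False, or None if the length macro
    is set to something this script cannot evaluate (e.g. another macro)."""
    cfg = parse_config(config_text)
    if 'MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE' not in cfg:
        return False, 'MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE is not enabled'
    raw = cfg.get('MBEDTLS_SSL_IN_CONTENT_LEN')
    try:
        in_len = ASSUMED_DEFAULT_IN_LEN if raw is None else int(raw, 0)
    except ValueError:
        return None, f'cannot evaluate MBEDTLS_SSL_IN_CONTENT_LEN={raw}'
    limit = THRESHOLD_CUSTOM_COOKIE if custom_cookie_check else THRESHOLD_BUILTIN_COOKIE
    if in_len < limit:
        return True, f'MBEDTLS_SSL_IN_CONTENT_LEN={in_len} is below {limit}'
    return False, f'MBEDTLS_SSL_IN_CONTENT_LEN={in_len} is at or above {limit}'


# Constructed sample header (not a real Mbed TLS config.h): port reuse on,
# the stock commented-out default present, and a small override afterwards.
SAMPLE_CONFIG = """\
/* constructed sample for the check above */
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
#define MBEDTLS_SSL_IN_CONTENT_LEN 256
"""
```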
- openSUSE:Backports:SLE-15-SP3:Update/mbedtls 2.16.9
- openSUSE:Backports:SLE-15-SP4/mbedtls 2.28.0
- openSUSE:Factory/mbedtls 2.28.0
Only SLE-15-SP3 is still affected. All other code streams are already fixed.
This is an autogenerated message for OBS integration:
This bug (1201581) was mentioned in
https://build.opensuse.org/request/show/1044081 Backports:SLE-15-SP3 / mbedtls
openSUSE-SU-2022:10247-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1201581
CVE References: CVE-2021-35409,CVE-2022-35409
openSUSE Backports SLE-15-SP3 (src): mbedtls-2.16.9-bp220.127.116.11