Bug 1201581 - (CVE-2022-35409) VUL-0: CVE-2022-35409: mbedtls: Buffer overread in DTLS ClientHello parsing
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.4
Hardware: Other / OS: Other
Priority: P3 - Medium
Severity: Minor
Target Milestone: ---
Assigned To: Martin Pluskal
Security Team bot
Reported: 2022-07-18 08:08 UTC by Hu
Modified: 2022-12-22 17:20 UTC

Found By: Security Response Team
Description Hu 2022-07-18 08:08:23 UTC

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some
configurations, an unauthenticated attacker can send an invalid ClientHello
message to a DTLS server that causes a heap-based buffer over-read of up to 255
bytes. This can cause a server crash or possibly information disclosure based on
error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the
configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to
571 bytes with a custom cookie check function.

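The description above is an instance of a familiar parser bug class: a DTLS ClientHello carries two 1-byte length fields (session_id, then the DTLS cookie), and a server that takes those lengths at face value, without comparing them to the number of bytes actually received, walks past the end of its receive buffer. What follows is an added example, not Mbed TLS code and not from this bug report: a simplified unchecked walk over those two fields beside a bounds-checked one, run over constructed inputs. The function names, offsets, macros and sample bytes are this example's own; only the field layout is the standard ClientHello layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte layout of a (D)TLS ClientHello handshake body (RFC 5246 / RFC 6347):
 *   [0..1]   client_version
 *   [2..33]  random (32 bytes)
 *   [34]     session_id length (1 byte), then up to 255 bytes of session_id
 *   [..]     cookie length (1 byte, DTLS only), then up to 255 bytes of cookie
 * CH_FIXED_LEN counts the bytes up to and including the session_id length. */
#define CH_FIXED_LEN 35

/* Unchecked walk (the bug class): the 1-byte lengths are trusted without
 * comparing them to `len`, so a message claiming a long session_id but
 * carrying few bytes makes `p` point past the buffer, and the cookie length
 * is then read from out of bounds (up to 255 bytes past the end). */
static int locate_cookie_unchecked(const uint8_t *buf, size_t len,
                                   const uint8_t **cookie, size_t *cookie_len)
{
    const uint8_t *p;
    if (len < CH_FIXED_LEN)
        return -1;
    p = buf + CH_FIXED_LEN + buf[34];  /* never checked against buf + len */
    *cookie_len = p[0];                /* potential out-of-bounds read */
    *cookie = p + 1;
    return 0;
}

/* Hardened walk: each variable-length field is checked against the bytes
 * remaining before it is skipped or read. Comparisons are written as
 * "claimed <= remaining" so the arithmetic cannot wrap. */
static int locate_cookie_checked(const uint8_t *buf, size_t len,
                                 const uint8_t **cookie, size_t *cookie_len)
{
    size_t off = CH_FIXED_LEN;
    if (len < off)
        return -1;
    if ((size_t)buf[34] > len - off)       /* session_id must fit */
        return -1;
    off += buf[34];
    if (len - off < 1)                     /* cookie length byte must fit */
        return -1;
    if ((size_t)buf[off] > len - off - 1)  /* cookie must fit */
        return -1;
    *cookie_len = buf[off];
    *cookie = buf + off + 1;
    return 0;
}

/* Constructed 32-byte "random" field shared by both samples (not randomness). */
#define SAMPLE_RANDOM \
    0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, \
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F

/* Constructed well-formed DTLS 1.2 ClientHello: empty session_id, 4-byte cookie. */
static const uint8_t valid_clihlo[] = {
    0xFE, 0xFD, SAMPLE_RANDOM,
    0x00,                        /* session_id length = 0 */
    0x04, 'a', 'b', 'c', 'd'     /* cookie length = 4, cookie "abcd" */
};

/* Constructed malformed ClientHello: claims a 255-byte session_id, but only
 * one byte follows the length field, so the whole message is 36 bytes. */
static const uint8_t short_clihlo[] = {
    0xFE, 0xFD, SAMPLE_RANDOM,
    0xFF,                        /* session_id length = 255 */
    0x00                         /* only one byte actually present */
};

/* Cookie length the hardened parser finds in the valid sample (after checking
 * the cookie bytes); -1 if it rejected the message, -2 on a wrong cookie. */
int checked_valid_cookie_len(void)
{
    const uint8_t *c; size_t n;
    if (locate_cookie_checked(valid_clihlo, sizeof valid_clihlo, &c, &n) != 0)
        return -1;
    return memcmp(c, "abcd", 4) == 0 ? (int)n : -2;
}

/* The unchecked parser agrees on well-formed input, which is why a missing
 * length check survives ordinary interoperability testing. */
int unchecked_valid_cookie_len(void)
{
    const uint8_t *c; size_t n;
    if (locate_cookie_unchecked(valid_clihlo, sizeof valid_clihlo, &c, &n) != 0)
        return -1;
    return memcmp(c, "abcd", 4) == 0 ? (int)n : -2;
}

/* 1 if the hardened parser rejects the malformed sample, else 0. */
int checked_rejects_short(void)
{
    const uint8_t *c; size_t n;
    return locate_cookie_checked(short_clihlo, sizeof short_clihlo, &c, &n) == -1;
}

/* Offset at which the unchecked parser would read the cookie length byte of
 * the malformed sample (computed only, never dereferenced here): 290 in a
 * 36-byte buffer, i.e. 254 bytes past its end. */
size_t unchecked_overread_offset(void)
{
    return CH_FIXED_LEN + (size_t)short_clihlo[34];
}

int main(void)
{
    printf("valid sample: checked=%d unchecked=%d\n",
           checked_valid_cookie_len(), unchecked_valid_cookie_len());
    printf("malformed sample: checked rejects=%d; unchecked would read offset %zu of a %zu-byte buffer\n",
           checked_rejects_short(), unchecked_overread_offset(), sizeof short_clihlo);
    return 0;
}
```

The malformed sample is deliberately never fed to the unchecked function, since that read would be undefined behaviour; the example reports the offset it would touch instead. Note that both parsers return identical results on the well-formed message, so the defect only shows on hostile or fuzzed input, which is consistent with the description's point that an unauthenticated peer triggers it with a single invalid ClientHello.
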
Comment 1 Hu 2022-07-18 08:08:36 UTC
- openSUSE:Backports:SLE-15-SP3:Update/mbedtls  2.16.9
- openSUSE:Backports:SLE-15-SP4/mbedtls         2.28.0
- openSUSE:Factory/mbedtls                      2.28.0
Comment 2 Alexander Bergmann 2022-12-21 12:52:40 UTC
Upstream fix:

Only SLE-15-SP3 is still affected. All other code streams are already fixed.
Comment 3 OBSbugzilla Bot 2022-12-21 13:55:03 UTC
This is an autogenerated message for OBS integration:
This bug (1201581) was mentioned in
https://build.opensuse.org/request/show/1044081 Backports:SLE-15-SP3 / mbedtls
Comment 4 Swamp Workflow Management 2022-12-22 17:20:07 UTC
openSUSE-SU-2022:10247-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1201581
CVE References: CVE-2021-35409,CVE-2022-35409
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    mbedtls-2.16.9-bp153.2.8.1