Title: Buffer overread in TLS stream cipher suites
CVE: CVE-2023-43615
Date: 05 October 2023
Affects: All versions of Mbed TLS
Impact: A remote attacker may cause a crash or information disclosure.
Severity: Medium
Credit: OSS-Fuzz

Vulnerability:
A peer in a (D)TLS connection using a null-cipher or RC4 cipher suite can send a malformed encrypted (or null-encrypted) record that causes a buffer overread of the vulnerable application. When the TLS parsing code calculates the MAC of the record, it subtracts the MAC length from the record length without checking if the record is large enough. As a consequence, if the payload of the record is shorter than the MAC, the code attempts to read slightly less than SIZE_MAX bytes to calculate the MAC of the received record.

Note that only weak cipher suites are affected: cipher suites using the null cipher (TLS_xxx_WITH_NULL_hhh, with authentication but not encryption) or RC4 (TLS_xxx_WITH_RC4_128_hhh, a weak and deprecated cipher, no longer supported after Mbed TLS 3.0). Those cipher suites are disabled in the default build-time configuration.

All protocol versions up to 1.2 are affected, including DTLS. TLS 1.3 is not affected. CBC and AEAD cipher suites are not affected.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43615
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/