CVE-2022-35409 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-35409 Interim 1 8 2025-02-16T02:58:28Z current 2022-07-19T00:02:35Z 2025-02-16T02:58:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-35409 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3NAO4EU3XHQJB2IY7LNSERGELWFEJAUJ/ E-Mail link for openSUSE-SU-2022:10247-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP3 openSUSE Leap 15.3 openSUSE Tumbleweed libmbedcrypto3-2.16.9-bp153.2.8.1 libmbedcrypto3-32bit-2.16.9-bp153.2.8.1 libmbedcrypto3-64bit-2.16.9-bp153.2.8.1 libmbedcrypto7-2.28.1-1.1 libmbedcrypto7-32bit-2.28.1-1.1 libmbedtls12-2.16.9-bp153.2.8.1 libmbedtls12-32bit-2.16.9-bp153.2.8.1 libmbedtls12-64bit-2.16.9-bp153.2.8.1 libmbedtls14-2.28.1-1.1 libmbedtls14-32bit-2.28.1-1.1 libmbedx509-0-2.16.9-bp153.2.8.1 libmbedx509-0-32bit-2.16.9-bp153.2.8.1 libmbedx509-0-64bit-2.16.9-bp153.2.8.1 libmbedx509-1-2.28.1-1.1 libmbedx509-1-32bit-2.28.1-1.1 mbedtls-devel-2.16.9-bp153.2.8.1 mbedtls-devel-2.28.1-1.1 libmbedcrypto3-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedcrypto3-32bit-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedcrypto3-64bit-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedtls12-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedtls12-32bit-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedtls12-64bit-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedx509-0-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedx509-0-32bit-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedx509-0-64bit-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 mbedtls-devel-2.16.9-bp153.2.8.1 as a component of SUSE Package Hub 15 SP3 libmbedcrypto3-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedcrypto3-32bit-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedcrypto3-64bit-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedtls12-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedtls12-32bit-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedtls12-64bit-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedx509-0-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedx509-0-32bit-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedx509-0-64bit-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 mbedtls-devel-2.16.9-bp153.2.8.1 as a component of openSUSE Leap 15.3 libmbedcrypto7-2.28.1-1.1 as a component of openSUSE Tumbleweed libmbedcrypto7-32bit-2.28.1-1.1 as a component of openSUSE Tumbleweed libmbedtls14-2.28.1-1.1 as a component of openSUSE Tumbleweed libmbedtls14-32bit-2.28.1-1.1 as a component of openSUSE Tumbleweed libmbedx509-1-2.28.1-1.1 as a component of openSUSE Tumbleweed libmbedx509-1-32bit-2.28.1-1.1 as a component of openSUSE Tumbleweed mbedtls-devel-2.28.1-1.1 as a component of openSUSE Tumbleweed An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. CVE-2022-35409 SUSE Package Hub 15 SP3:libmbedcrypto3-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedcrypto3-32bit-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedcrypto3-64bit-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedtls12-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedtls12-32bit-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedtls12-64bit-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedx509-0-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedx509-0-32bit-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:libmbedx509-0-64bit-2.16.9-bp153.2.8.1 SUSE Package Hub 15 SP3:mbedtls-devel-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedcrypto3-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedcrypto3-32bit-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedcrypto3-64bit-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedtls12-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedtls12-32bit-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedtls12-64bit-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedx509-0-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedx509-0-32bit-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:libmbedx509-0-64bit-2.16.9-bp153.2.8.1 openSUSE Leap 15.3:mbedtls-devel-2.16.9-bp153.2.8.1 openSUSE Tumbleweed:libmbedcrypto7-2.28.1-1.1 openSUSE Tumbleweed:libmbedcrypto7-32bit-2.28.1-1.1 openSUSE Tumbleweed:libmbedtls14-2.28.1-1.1 openSUSE Tumbleweed:libmbedtls14-32bit-2.28.1-1.1 openSUSE Tumbleweed:libmbedx509-1-2.28.1-1.1 openSUSE Tumbleweed:libmbedx509-1-32bit-2.28.1-1.1 openSUSE Tumbleweed:mbedtls-devel-2.28.1-1.1 critical 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H