Ubuntu.comUB:CVE-2022-46393CVE-2022-46393
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
70.8%
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
References
github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
launchpad.net/bugs/cve/CVE-2022-46393
mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
nvd.nist.gov/vuln/detail/CVE-2022-46393
security-tracker.debian.org/tracker/CVE-2022-46393
www.cve.org/CVERecord?id=CVE-2022-46393
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
70.8%