Lucene search
Veracode Vulnerability DatabaseVERACODE:36390HistoryJul 18, 2022 - 10:58 a.m.
Denial Of Service (DoS)
2022-07-1810:58:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
43
mbedtls
vulnerability
denial of service
buffer overread
dtls
server
client hello
crash
information disclosure
error output
software
EPSS
0.001
Percentile
48.7%
mbedtls is vulnerable to denial of service. The vulnerability exists through a buffer overread when the dtls server with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE in use receives a ClientHello message with a cookie whose declared length exceeds the end of the allocated buffer which allows an attacker to cause a crash or information disclosure via error output
Related
debiancve
debiancve
CVE-2022-35409
2022-07-15 14:15:09
alpinelinux
alpinelinux
CVE-2022-35409
2022-07-15 14:15:09
cve
cve
CVE-2022-35409
2022-07-15 14:15:09
ubuntucve
ubuntucve
CVE-2022-35409
2022-07-15 00:00:00
nvd
nvd
CVE-2022-35409
2022-07-15 14:15:09
mageia
mageia
Updated mbedtls packages fix security vulnerability
2022-11-08 22:44:28
prion
prion
Heap overflow
2022-07-15 14:15:00
cvelist
cvelist
CVE-2022-35409
2022-07-15 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0415)
2022-11-09 00:00:00
Debian: Security Advisory (DLA-3249-1)
2022-12-26 00:00:00
osv
osv
CVE-2022-35409
2022-07-15 14:15:09
mbedtls - security update
2022-12-26 00:00:00
nessus
nessus
openSUSE 15 Security Update : mbedtls (openSUSE-SU-2022:10247-1)
2022-12-23 00:00:00
GLSA-202301-08 : Mbed TLS: Multiple Vulnerabilities
2023-01-11 00:00:00
Debian DLA-3249-1 : mbedtls - LTS security update
2022-12-26 00:00:00
gentoo
gentoo
Mbed TLS: Multiple Vulnerabilities
2023-01-11 00:00:00
debian
debian
[SECURITY] [DLA 3249-1] mbedtls security update
2022-12-25 23:33:58