VDB

GCVE-VVD-MAGEIA-2022-415

GCVE-VVD-MAGEIA-2022-415
Advisory Published
Vulnetix · Advisory published November 8, 2022
An unauthenticated remote host could send an invalid ClientHello message in which the declared length of the cookie extends past the end of the message. A DTLS server with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled would read past the end of the message up to the declared length of the cookie. This could cause a buffer overread of up to 255 bytes on the heap in vulnerable DTLS servers, which may lead to a crash or to information disclosure via the cookie check function (CVE-2022-35409). This issue has been patched, backporting a fix from upstream's 2.28.0 release.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiambedtls0 (affected), 2.16.12-1.1.mga8 (unaffected)

Aliases

CVE-2022-35409

Transitive aliases

GHSA-m52q-qpp4-f753CVE-2021-35409GSD-2022-35409OPENSUSE-SU-2022:10247-1OPENSUSE-SU-2024:12478-1MSRC_CVE-2022-35409

References

Updated mbedtls packages fix security vulnerability
fix
Updated mbedtls packages fix security vulnerability
advisory
Updated mbedtls packages fix security vulnerability
issue
Updated mbedtls packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›