An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-15T00:00:00
Updated: 2024-08-03T14:31:46.329Z
Reserved: 2022-12-04T00:00:00
Link: CVE-2022-46393
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-15T23:15:10.570
Modified: 2024-11-21T07:30:30.580
Link: CVE-2022-46393
Redhat
No data.