Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-35409

EPSS 1.66% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-35409

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mbed TLS 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mbed TLS是一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 2.28.2之前版本和3.2.0之前的3.x版本存在缓冲区错误漏洞,该漏洞源于在某些配置中,未经认证的攻击者可以向DTLS服务器发送一个无效的ClientHello消息,从而导致基于堆的缓冲区过度读取多达255个字节。这可能会导致服务器崩溃或基于错误响应的信息泄露。受影响的配置启用了MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE,并且MBEDTLS_SSL_IN_CONTENT_LEN小于取决
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-35409

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-35409

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-07-15 · 28 CVEs total

CVE-2022-258917.5 HIGHDenial of Service (DoS)
CVE-2022-258585.3 MEDIUMRegular Expression Denial of Service (ReDoS)
CVE-2022-258694.2 MEDIUMAngular 跨站脚本漏洞
CVE-2022-359053.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-359063.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-359003.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-359013.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-359023.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-359033.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-359043.3 LOWBentley Systems MicroStation和Bentley View 缓冲区错误漏洞
CVE-2022-32118AROX School-ERP Pro 跨站脚本漏洞
CVE-2022-32119AROX School-ERP Pro 代码问题漏洞
CVE-2020-36553SourceCodester Multi Restaurant Table Reservation System 跨站脚本漏洞
CVE-2020-36552SourceCodester Multi Restaurant Table Reservation System 跨站脚本漏洞
CVE-2020-36551SourceCodester Multi Restaurant Table Reservation System 跨站脚本漏洞
CVE-2020-36550SourceCodester Multi Restaurant Table Reservation System 跨站脚本漏洞
CVE-2020-35261SourceCodester Multi Restaurant Table Reservation System 跨站脚本漏洞
CVE-2022-34826Couchbase Server 日志信息泄露漏洞
CVE-2021-36461Microweber 代码问题漏洞
CVE-2022-30242Honeywell Alerton Ascent Control Module 安全漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-35409

No comments yet

Leave a comment