CVE-2022-46393

描述

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

受影響套件(1)

• Debian/mbedtlsfrom 0, < 2.28.2-1

CVSS 分數

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-46393