CVE-2022-46393
Description
Heap buffer overflow and overread in Mbed TLS DTLS when Connection ID (CID) is enabled and CID length configuration allows oversized inbound CID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap-based buffer overflow and overread vulnerability exists in Mbed TLS's DTLS implementation when MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. Affected versions are Mbed TLS before 2.28.2 and 3.x before 3.3.0 [1][2].
Exploitation
An attacker with network access can send specially crafted DTLS messages containing an oversized Connection ID (CID) to trigger the heap buffer overflow or overread. No authentication is required, but the feature must be enabled with the vulnerable configuration [2].
Impact
Successful exploitation could lead to heap memory corruption (overwrite or overread), potentially allowing information disclosure or denial of service. In the worst case, code execution may be possible, though this is not confirmed [2].
Mitigation
Upgrade to Mbed TLS 2.28.2 or 3.3.0, which contain the fix for this issue [1][2]. No workaround is available if the CID feature is required; otherwise, disable it by not defining MBEDTLS_SSL_DTLS_CONNECTION_ID. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mbed TLS / Mbed TLS
  OSV coordinates (3 versions):
  - pkg:rpm/opensuse/mbedtls-2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/mbedtls&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2015%20SP4
  Affected version ranges (no CPE):
  - < 2.28.2-1.1
  - < 2.28.0-bp154.2.3.1
  - < 2.28.0-bp154.2.3.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE: mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 (NVD: Release Notes, Third Party Advisory)
- github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 (NVD: Release Notes, Third Party Advisory)
- mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ (NVD: Vendor Advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/ (NVD)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/ (NVD)
News mentions
No linked articles in our index yet.