CVE advisory: CRITICAL
CVE-2022-35409
Mbed TLS DTLS Heap Buffer Over-read Leads to Server Crash
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An unauthenticated attacker can cause a DTLS server to crash or potentially disclose information by sending an invalid ClientHello message. This vulnerability affects specific configurations of the Mbed TLS cryptographic library, which is commonly used in internet-facing applications and devices.