CVE-2022-30629
LOW 3.1
Description
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
CVE details
CVSS v3.1 score: 3.1
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: REQUIRED
Published: 8/10/2022
Last modified: 3/6/2026
Source: nvd
Honeypot sightings: 0
Affected products
golang:go
Weaknesses (CWE)
CWE-330
References
https://go.dev/cl/405994 (security@golang.org)
https://go.dev/issue/52814 (security@golang.org)
https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 (security@golang.org)
https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ (security@golang.org)
https://pkg.go.dev/vuln/GO-2022-0531 (security@golang.org)
https://go.dev/cl/405994 (af854a3a-2127-422b-91ae-364da2661108)
https://go.dev/issue/52814 (af854a3a-2127-422b-91ae-364da2661108)
https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ (af854a3a-2127-422b-91ae-364da2661108)
https://pkg.go.dev/vuln/GO-2022-0531 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.