CVE-2022-30629 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-30629

CVE-2022-30629

August 09, 2022

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Related Resources (12)

https://security.alpinelinux.org/vuln/CVE-2022-30629

https://people.canonical.com/~ubuntu-security/cve/CVE-2022-30629

https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

https://pkg.go.dev/vuln/GO-2022-0531

https://security-tracker.debian.org/tracker/CVE-2022-30629

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/

https://access.redhat.com/security/cve/CVE-2022-30629

https://go.dev/cl/405994

https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5

https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-30629&scoretype=cvssv3

https://go.dev/issue/52814

https://security.netapp.com/advisory/ntap-20220915-0004/

Do you need more information?

CVSS v4

Base Score:

2.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Use of Insufficiently Random Values

CWE-330

EPSS

Base Score:

0.07

Products

Solutions

Resources

Company

Compare

Developer Tools