VDB
CISA-2022-30629
CISA-2022-30629
PUBLISHED
CVSS 3.1 LOW
Reported by Go · Published August 9, 2022
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Risk Scores
CVSS 3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Go standard library | crypto/tls | 0, 1.18.0-0 |
| Go standard library | crypto/tls | 0, 1.18.0-0, 0 |
Timeline
- Aug 9, 2022 CVE Published
- Mar 6, 2026 CVE Updated