VDB

CISA-2022-30629

CISA-2022-30629 PUBLISHED CVSS 3.1 LOW

Reported by Go · Published August 9, 2022

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Risk Scores

CVSS 3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Go standard librarycrypto/tls0, 1.18.0-0
Go standard librarycrypto/tls0, 1.18.0-0, 0

Timeline

  • Aug 9, 2022 CVE Published
  • Mar 6, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›