CVE-2022-30629

Published: 10 August 2022

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package       Release    Status
golang-1.11   upstream   Needs triage
golang-1.15   impish     Ignored (reached end-of-life)
              upstream   Needs triage
golang-1.17   impish     Ignored (reached end-of-life)
              jammy      Needed
              upstream   Needs triage
golang-1.18   jammy      Needed
              upstream   Released (1.18.3-1)
golang-1.7    upstream   Needs triage
golang-1.8    bionic     Not vulnerable (code not present)
              upstream   Needs triage