CVE-2022-23408 in wolfSSLinfo

Zusammenfassung

von MITRE • 19.01.2022

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservieren

18.01.2022

Veröffentlichung

19.01.2022

Moderieren

akzeptiert

Eintrag

VDB-191231

CPE

bereit

EPSS

0.01417

KEV

nein

Aktivitäten

very low

Quellen

Interested in the pricing of exploits?

See the underground prices here!