CVE-2022-30629

Public on 2022-08-10

Modified on 2024-05-17

Description

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Severity

Low

CVSS v3 Base Score

3.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
HAQM Linux 2 - Core	go-rpm-macros	2022-10-17	ALAS2-2022-1863	Fixed
HAQM Linux 1	golang	2022-09-15	ALAS-2022-1635	Fixed
HAQM Linux 2 - Core	golang	2022-09-15	ALAS2-2022-1846	Fixed
HAQM Linux 2023	golang	2023-02-17	ALAS2023-2023-048	Fixed
HAQM Linux 2023	golang-github-cpuguy83-md2man	2023-02-17	ALAS2023-2023-047	Fixed
HAQM Linux 2 - Core	golang-github-godbus-dbus	2022-10-17	ALAS2-2022-1858	Fixed
HAQM Linux 2 - Core	golang-github-gorilla-context	2022-10-17	ALAS2-2022-1859	Fixed
HAQM Linux 2 - Core	golang-github-gorilla-mux	2022-10-17	ALAS2-2022-1860	Fixed
HAQM Linux 2 - Core	golang-github-kr-pty	2022-10-17	ALAS2-2022-1864	Fixed
HAQM Linux 2 - Core	golang-github-syndtr-gocapability	2022-10-17	ALAS2-2022-1865	Fixed
HAQM Linux 2 - Core	golang-googlecode-net	2022-10-17	ALAS2-2022-1861	Fixed
HAQM Linux 2 - Core	golang-googlecode-sqlite	2022-10-17	ALAS2-2022-1862	Fixed
HAQM Linux 2 - Core	golist	2022-09-15	ALAS2-2022-1847	Fixed
HAQM Linux 2023	golist	2023-02-17	ALAS2023-2023-046	Fixed
HAQM Linux 2 - Docker Extra	runc	2022-09-30	ALAS2DOCKER-2022-020	Fixed
HAQM Linux 2 - Ecs Extra	runc	2025-04-23	ALAS2ECS-2025-057	Fixed
HAQM Linux 2 - Aws-nitro-enclaves-cli Extra	runc	2025-04-23	ALAS2NITRO-ENCLAVES-2025-055	Fixed

CVSS Scores

	Score Type	Score	Vector
HAQM Linux	CVSSv3	3.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
NVD	CVSSv3	3.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

Red Hat: CVE-2022-30629 Mitre: CVE-2022-30629