CVE-2022-46505

Опубликовано: 18 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.

Ссылки

https://github.com/SmallTown123/details-for-CVE-2022-46505
Exploit
Third Party Advisory
https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0
Permissions Required
Vendor Advisory
https://github.com/SmallTown123/details-for-CVE-2022-46505
Exploit
Third Party Advisory
https://smalltown123.notion.site/MatrixSSL-session-resume-bug-a0
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*

Версия до 4.5.1 (включая)

EPSS

Процентиль: 71%

0.00672

Низкий

7.5 High

CVSS3

Дефекты

CWE-665

Связанные уязвимости

CVE-2022-46505

CVSS3: 7.5

debian

около 3 лет назад

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to secur ...

GHSA-682w-9rvw-qw43

CVSS3: 7.5

github

около 3 лет назад

An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data.

EPSS

Процентиль: 71%

0.00672

Низкий

7.5 High

CVSS3

Дефекты

CWE-665