Описание
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
| Релиз | Статус | Примечание |
|---|---|---|
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-apps/bionic | released | 1.13.8-1ubuntu1~18.04.4+esm1 |
| esm-apps/jammy | released | 1.13.8-1ubuntu2.22.04.2 |
| esm-apps/xenial | released | 1.13.8-1ubuntu1~16.04.3+esm3 |
| esm-infra/focal | released | 1.13.8-1ubuntu1.2 |
| focal | released | 1.13.8-1ubuntu1.2 |
| jammy | released | 1.13.8-1ubuntu2.22.04.2 |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| impish | ignored | end of life |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-apps/bionic | released | 1.16.2-0ubuntu1~18.04.2+esm1 |
| esm-apps/focal | released | 1.16.2-0ubuntu1~20.04.1 |
| focal | released | 1.16.2-0ubuntu1~20.04.1 |
| jammy | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| impish | ignored | end of life |
| jammy | needed | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.18.1-1ubuntu1~18.04.4 |
| devel | DNE | |
| esm-apps/bionic | released | 1.18.1-1ubuntu1~18.04.4 |
| esm-apps/focal | released | 1.18.1-1ubuntu1~20.04.2 |
| esm-apps/xenial | released | 1.18.1-1ubuntu1~16.04.4 |
| focal | released | 1.18.1-1ubuntu1~20.04.2 |
| jammy | released | 1.18.1-1ubuntu1.1 |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| esm-apps/bionic | not-affected | code not present |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
3.1 Low
CVSS3
Связанные уязвимости
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Session tickets lack random ticket_age_add in crypto/tls
Non-random values for ticket_age_add in session tickets in crypto/tls ...
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
EPSS
3.1 Low
CVSS3