MGASA-2022-0231

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2022-30629
Published: 16 Jun 2022, 21:05
Last modified:16 Apr 2026, 04:23

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Jun 2022, 21:05
Published
Vulnerability first disclosed
16 Apr 2026, 04:23
Last Modified
Vulnerability information updated

Description

Updated golang packages fix security vulnerability crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629)

Affected Systems

  • mageiagolang

    < 1.17.11-1.mga8

References (4)