| modules: |
| - module: std |
| versions: |
| - fixed: 1.17.11 |
| - introduced: 1.18.0 |
| fixed: 1.18.3 |
| vulnerable_at: 1.18.2 |
| packages: |
| - package: crypto/tls |
| symbols: |
| - serverHandshakeStateTLS13.sendSessionTickets |
| description: | |
| An attacker can correlate a resumed TLS session with a previous connection. |
| |
| Session tickets generated by crypto/tls do not contain a randomly |
| generated ticket_age_add, which allows an attacker that can observe TLS |
| handshakes to correlate successive connections by comparing ticket ages |
| during session resumption. |
| published: 2022-07-28T17:24:57Z |
| credit: Github user @nervuri |
| references: |
| - fix: https://go.dev/cl/405994 |
| - fix: https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 |
| - report: https://go.dev/issue/52814 |
| - web: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ |
| cve_metadata: |
| id: CVE-2022-30629 |
| cwe: 'CWE-200: Information Exposure' |
| description: | |
| Non-random values for ticket_age_add in session tickets in crypto/tls |
| before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS |
| handshakes to correlate successive connections by comparing ticket ages |
| during session resumption. |
