CVE-2022-30629

Published: Aug 9, 2022

Modified: Mar 6, 2026

PUBLISHED

Description

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Vendor	Product	Versions
Go standard library	crypto/tls	affected `0 - < 1.17.11` affected `1.18.0-0 - < 1.18.3`

References

https://go.dev/cl/405994

https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5

https://go.dev/issue/52814

https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ

https://pkg.go.dev/vuln/GO-2022-0531

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-30629

Description

Affected Products

References