CVE-2022-23408

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.

Source: CVE-2022-23408

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다