Unrated severityNVD Advisory· Published Jan 18, 2022· Updated Aug 3, 2024
CVE-2022-23408
CVE-2022-23408
Description
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/wolfSSL/wolfssl/blob/master/ChangeLog.mdmitrex_refsource_MISC
- github.com/wolfSSL/wolfssl/pull/4710mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.