VYPR
Unrated severityNVD Advisory· Published Jan 18, 2022· Updated Aug 3, 2024

CVE-2022-23408

CVE-2022-23408

Description

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WolfSSL/Wolfsslcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <5.1.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.