Critical severity9.8NVD Advisory· Published Dec 31, 2022· Updated Jun 17, 2026
CVE-2022-48195
CVE-2022-48195
Description
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mellium.im/saslGo | < 0.3.1 | 0.3.1 |
Affected products
2- Mellium/mellium.im/sasldescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-gvfj-fxx3-j323ghsaADVISORY
- mellium.im/cve/cve-2022-48195/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2022-48195ghsaADVISORY
- codeberg.org/mellium/sasl/commit/e6cbf681b247c4efa1477eaad2cc47a01707b732ghsaWEB
- codeberg.org/mellium/sasl/releases/tag/v0.3.1ghsaWEB
- mellium.im/cve/cve-2022-48195ghsaWEB
- pkg.go.dev/vuln/GO-2023-1268ghsaWEB
News mentions
0No linked articles in our index yet.