Vulnerability Details CVE-2022-23408
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
Products affected by CVE-2022-23408
-
cpe:2.3:a:wolfssl:wolfssl:5.0.0
-
cpe:2.3:a:wolfssl:wolfssl:5.1.0