CVE-2022-41724
published 2023-02-28


Priority: P336 | Severity: high | CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.11% (61.8th percentile)
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

Affected

24 ranges
Vendor | Product | Version range | Fixed in
debian | golang-1.15 | < golang-1.19 1.19.6-2 (bookworm) | golang-1.19 1.19.6-2 (bookworm)
debian | golang-1.19 | < golang-1.19 1.19.6-2 (bookworm) | golang-1.19 1.19.6-2 (bookworm)
go_standard_library | crypto_tls | < 1.19.6 | 1.19.6
go_standard_library | crypto_tls | >= 1.20.0-0, < 1.20.1 | 1.20.1
golang | go | < 1.19.6 | 1.19.6
golang | go | |
msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | |
msrc | azl3_golang_1.19.6-1_on_azure_linux_3.0 | |
msrc | azl3_golang_1.23.7-1_on_azure_linux_3.0 | |
msrc | azl3_golang_1.23.9-1_on_azure_linux_3.0 | |
msrc | azl3_golang_1.24.3-1_on_azure_linux_3.0 | |
msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | |
msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | |
msrc | cbl2_gcc_11.2.0-8_on_cbl_mariner_2.0 | |
msrc | cbl2_golang_1.17.13-2_on_cbl_mariner_2.0 | |
msrc | cbl2_golang_1.18.8-7_on_cbl_mariner_2.0 | |
msrc | cbl2_golang_1.19.6-1_on_cbl_mariner_2.0 | |
msrc | cbl2_golang_1.21.6-1_on_cbl_mariner_2.0 | |
msrc | cbl2_msft-golang_1.19.6-1_on_cbl_mariner_2.0 | |
msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | |
msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | |
msrc | cm1_gcc_9.1.0-7_on_cbl_mariner_1.0 | |
msrc | cm1_golang_1.17.13-2_on_cbl_mariner_1.0 | |
paloalto | pan-os | |

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv | | 7.5 | HIGH |
vendor_debian | | 7.5 | HIGH |
vendor_msrc | | 7.5 | HIGH |
vendor_redhat | | 7.5 | HIGH |
vendor_ubuntu | | 7.5 | HIGH |