How severe is CVE-2022-23408?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2022-23408?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2022-23408

CRITICAL Year: 2022

CVSS v3 Score

9.1

Critical

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-330

View all →

Vulnerability Description

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.

CVE-2013-4102

CRITICAL

CVSS:9.1(Critical)

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

CWE-3302013

CVE-2017-6026

CRITICAL

CVSS:9.1(Critical)

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Ve...

CWE-3302017

CVE-2020-16271

CRITICAL

CVSS:9.1(Critical)

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket c...

CWE-3302020