Vulnerability details: VCID-as6k-w71f-aaam
Vulnerability ID VCID-as6k-w71f-aaam
Aliases CVE-2022-41724
Summary Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Status Published
Exploitability 0.5
Weighted Severity 7.1
Risk 3.5
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41724.json
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2022-41724
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2022-41724
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2022-41724
epss 0.00240 https://api.first.org/data/v1/epss?cve=CVE-2022-41724
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://go.dev/cl/468125
ssvc Track https://go.dev/issue/58001
cvssv3.1 7.5 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
generic_textual HIGH https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
ssvc Track https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41724
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41724
ssvc Track https://pkg.go.dev/vuln/GO-2023-1570
ssvc Track https://security.gentoo.org/glsa/202311-09
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41724.json
https://api.first.org/data/v1/epss?cve=CVE-2022-41724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/468125
https://go.dev/issue/58001
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://pkg.go.dev/vuln/GO-2023-1570
2178492 https://bugzilla.redhat.com/show_bug.cgi?id=2178492
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:1.20.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.20.0:-:*:*:*:*:*:*
cpe:2.3:a:golang:go:1.20.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.20.0:rc1:*:*:*:*:*:*
cpe:2.3:a:golang:go:1.20.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.20.0:rc2:*:*:*:*:*:*
cpe:2.3:a:golang:go:1.20.0:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:1.20.0:rc3:*:*:*:*:*:*
CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724
GLSA-202311-09 https://security.gentoo.org/glsa/202311-09
RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584
RHSA-2023:1325 https://access.redhat.com/errata/RHSA-2023:1325
RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
RHSA-2023:1329 https://access.redhat.com/errata/RHSA-2023:1329
RHSA-2023:1639 https://access.redhat.com/errata/RHSA-2023:1639
RHSA-2023:1817 https://access.redhat.com/errata/RHSA-2023:1817
RHSA-2023:2107 https://access.redhat.com/errata/RHSA-2023:2107
RHSA-2023:3083 https://access.redhat.com/errata/RHSA-2023:3083
RHSA-2023:3167 https://access.redhat.com/errata/RHSA-2023:3167
RHSA-2023:3303 https://access.redhat.com/errata/RHSA-2023:3303
RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366
RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445
RHSA-2023:3450 https://access.redhat.com/errata/RHSA-2023:3450
RHSA-2023:3455 https://access.redhat.com/errata/RHSA-2023:3455
RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612
RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335
RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470
RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
RHSA-2023:5935 https://access.redhat.com/errata/RHSA-2023:5935
RHSA-2023:5964 https://access.redhat.com/errata/RHSA-2023:5964
RHSA-2023:5976 https://access.redhat.com/errata/RHSA-2023:5976
RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
RHSA-2023:6380 https://access.redhat.com/errata/RHSA-2023:6380
RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
RHSA-2023:6817 https://access.redhat.com/errata/RHSA-2023:6817
RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
RHSA-2023:7672 https://access.redhat.com/errata/RHSA-2023:7672
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
USN-6140-1 https://usn.ubuntu.com/6140-1/
USN-7109-1 https://usn.ubuntu.com/7109-1/
USN-7111-1 https://usn.ubuntu.com/7111-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41724.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/ Found at https://go.dev/cl/468125


Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/ Found at https://go.dev/issue/58001

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/ Found at https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41724
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/ Found at https://pkg.go.dev/vuln/GO-2023-1570


Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/ Found at https://security.gentoo.org/glsa/202311-09

Exploit Prediction Scoring System (EPSS)
Percentile 0.01732
EPSS Score 0.00016
Published At April 14, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.