Home > Vulnerability Database > CVE-2022-48195

Mend.io Vulnerability Database

CVE-2022-48195

Good to know:

Date: December 30, 2022

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.

Language: Go

Severity Score

9.8

Related Resources (8)

Url: https://codeberg.org/mellium/sasl

Url: https://mellium.im/cve/cve-2022-48195

Url: https://mellium.im/cve/cve-2022-48195/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-48195

Url: https://codeberg.org/mellium/sasl/commit/e6cbf681b247c4efa1477eaad2cc47a01707b732

Url: https://pkg.go.dev/vuln/GO-2023-1268

Url: https://codeberg.org/mellium/sasl/releases/tag/v0.3.1

Url: https://www.mend.io/vulnerability-database/CVE-2022-48195

Severity Score

9.8

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version v0.3.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-48195

Good to know:

Date: December 30, 2022

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?