pkg.go.dev
Open in
urlscan Pro
2600:1901:0:f535::
Public Scan
URL:
https://pkg.go.dev/vuln/GO-2022-0531
Submission: On June 16 via api from US — Scanned from DE
Submission: On June 16 via api from US — Scanned from DE
Form analysis
3 forms found in the DOM/search
<form class="go-InputGroup go-ShortcutKey go-SearchForm-form" action="/search" data-shortcut="/" data-shortcut-alt="search" data-gtmc="search form" aria-label="Search for a package" role="search">
<input name="q" class="go-Input js-searchFocus" aria-label="Search for a package" type="search" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false" placeholder="Search packages or symbols" value="">
<input name="m" value="" hidden="">
<button class="go-Button go-Button--inverted" aria-label="Submit search">
<img class="go-Icon" height="24" width="24" src="/static/shared/icon/search_gm_grey_24dp.svg" alt="">
</button>
</form>
DIALOG
<form method="dialog" data-gmtc="jump to form" aria-label="Jump to Identifier">
<div class="Dialog-title go-Modal-header">
<h2>Jump to</h2>
<button class="go-Button go-Button--inline" type="button" data-modal-close="" data-gtmc="modal button" aria-label="Close">
<img class="go-Icon" height="24" width="24" src="/static/shared/icon/close_gm_grey_24dp.svg" alt="">
</button>
</div>
<div class="JumpDialog-filter">
<input class="JumpDialog-input go-Input" autocomplete="off" type="text">
</div>
<div class="JumpDialog-body go-Modal-body">
<div class="JumpDialog-list"></div>
</div>
<div class="go-Modal-actions">
<button class="go-Button" data-test-id="close-dialog">Close</button>
</div>
</form>
DIALOG
<form method="dialog">
<div class="go-Modal-header">
<h2>Keyboard shortcuts</h2>
<button class="go-Button go-Button--inline" type="button" data-modal-close="" data-gtmc="modal button" aria-label="Close">
<img class="go-Icon" height="24" width="24" src="/static/shared/icon/close_gm_grey_24dp.svg" alt="">
</button>
</div>
<div class="go-Modal-body">
<table>
<tbody>
<tr>
<td class="ShortcutsDialog-key">
<strong>?</strong>
</td>
<td> : This menu</td>
</tr>
<tr>
<td class="ShortcutsDialog-key">
<strong>/</strong>
</td>
<td> : Search site</td>
</tr>
<tr>
<td class="ShortcutsDialog-key">
<strong>f</strong> or <strong>F</strong>
</td>
<td> : Jump to</td>
</tr>
<tr>
<td class="ShortcutsDialog-key"><strong>y</strong> or <strong>Y</strong></td>
<td> : Canonical URL</td>
</tr>
</tbody>
</table>
</div>
<div class="go-Modal-actions">
<button class="go-Button" data-test-id="close-dialog">Close</button>
</div>
</form>
Text Content
Skip to Main Content * Why Go * Case Studies Common problems companies solve with Go * Use Cases Stories about how and why companies use Go * Security Policy How Go can help keep you secure by default * Learn * Docs * Effective Go Tips for writing clear, performant, and idiomatic Go code * Go User Manual A complete introduction to building software with Go * Standard library Reference documentation for Go's standard library * Release Notes Learn what's new in each Go release * Packages * Community * Recorded Talks Videos from prior events * Meetups Meet other local Go developers * Conferences Learn and network with Go developers from around the world * Go blog The Go project's official blog. * Go project Get help and stay informed from Go * Get connected * Why Go Why Go * Case Studies * Use Cases * Security Policy * Learn * Docs Docs * Effective Go * Go User Manual * Standard library * Release Notes * Packages * Community Community * Recorded Talks * Meetups * Conferences * Go blog * Go project * Get connected 1. Vulnerability Database 2. All Reports 3. GO-2022-0531 VULNERABILITY REPORT: GO-2022-0531 standard library * CVE-2022-30629 * Affects: crypto/tls * Published: Jul 28, 2022 * Modified: May 20, 2024 An attacker can correlate a resumed TLS session with a previous connection. Session tickets generated by crypto/tls do not contain a randomly generated ticket_age_add, which allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. AFFECTED PACKAGES * Path Versions Symbols * crypto/tls before go1.17.11, from go1.18.0-0 before go1.18.3 1 unexported affected symbols * serverHandshakeStateTLS13.sendSessionTickets ALIASES * CVE-2022-30629 REFERENCES * https://go.dev/cl/405994 * https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 * https://go.dev/issue/52814 * https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ * https://vuln.go.dev/ID/GO-2022-0531.json CREDITS * Github user @nervuri FEEDBACK See anything missing or incorrect? Suggest an edit to this report. Why Go Use Cases Case Studies Get Started Playground Tour Stack Overflow Help Packages Standard Library Sub-repositories About Go Packages About Download Blog Issue Tracker Release Notes Brand Guidelines Code of Conduct Connect Twitter GitHub Slack r/golang Meetup Golang Weekly * Copyright * Terms of Service * Privacy Policy * Report an Issue * Theme Toggle * Shortcuts Modal JUMP TO Close KEYBOARD SHORTCUTS ? : This menu / : Search site f or F : Jump to y or Y : Canonical URL Close go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more. Okay