{"id":"CVE-2022-23408","details":"wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.","modified":"2026-04-11T22:13:38.578010Z","published":"2022-01-18T21:15:07.863Z","references":[{"type":"ADVISORY","url":"https://github.com/wolfSSL/wolfssl/pull/4710"},{"type":"ADVISORY","url":"https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssl","events":[{"introduced":"7e01af012157bc20c840011a018619915380f05c"},{"fixed":"c3513bf2573c30f6d2df815de216120e92142020"}],"database_specific":{"versions":[{"introduced":"5.0.0"},{"fixed":"5.1.1"}]}}],"versions":["WCv5.0-RC10","WCv5.0-RC11","WCv5.0-RC12","v5.0.0-stable","v5.1.0-stable"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["200590224686773621064818426051680514278","73842892001327371820861045504044856872","180370452298823710791418685500416112741","232453673344828506816027349836980723411"],"threshold":0.9},"target":{"file":"wolfssl/wolfcrypt/types.h"},"source":"https://github.com/wolfssl/wolfssl/commit/c3513bf2573c30f6d2df815de216120e92142020","id":"CVE-2022-23408-70232f27"}],"vanir_signatures_modified":"2026-04-11T22:13:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23408.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}