CVE-2022-48195

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-48195

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48195.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-48195

Aliases

Published

2022-12-31T01:15:14.417Z

Modified

2026-03-14T11:56:03.772422Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.

References

https://mellium.im/cve/cve-2022-48195/

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48195.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.3.0"
            }
        ]
    }
]