3 matches found
br.eti.clairton:ds-test (=0.4.0), com.bertoncelj.wildflysingletonservice:wildfly-singleton-service (>=1.1.0 <=1.2.1) +526 more potentially affected by CVE-2022-3143 via org.wildfly.security:wildfly-elytron (>=1.0.0.Alpha1 <=1.15.0.CR1)
org.wildfly.security:wildfly-elytron MAVEN version =1.0.0.Alpha1, =1.1.0, =2.3.0, =2.3.0, =2.3.0, =0.7.0, =1.2.6, =1.2.6, =1.2.6, =1.2.6, =1.2.6, =1.2.6, =1.2.6, =1.2.6, =1.2.6, =1.3.19 and more Source cves: CVE-2022-3143 Source advisory: OSV:GHSA-JMJ6-P2J9-68CP...
CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...
CVE-2022-3143
CVE-2022-3143 affects WildFly Elytron where java.util.Arrays.equals is used in multiple places, enabling timing attacks. The root cause is unsafe comparisons potentially leaking information about secret values; the recommended fix is to replace such comparisons with java.security.MessageDigest.is...