cvedb.io
CVE-2022-3143
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2023-01-13T06:15:11.080 · Last modified 2026-06-17T04:58:56.803

Summary

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in WildFly Elytron. WildFly Elytron uses java.util.Arrays.equals in several places to compare secret values; that method stops at the first mismatching byte, so it is unsafe and vulnerable to timing attacks. To compare such values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authenticated user.
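
The following is an added illustration of the two comparators named in the summary, not code from WildFly Elytron itself; the class, method names and the sample token values are constructed for the example. It shows the short-circuiting Arrays.equals pattern beside the MessageDigest.isEqual fix, plus a hash-then-compare variant for the case where the two values may differ in length.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public final class TokenCompare {

    // Vulnerable pattern described by the CVE: Arrays.equals returns at the first
    // mismatching byte, so the time taken grows with the length of the matching
    // prefix and can leak the secret one byte at a time to a remote caller.
    static boolean unsafeEquals(byte[] expected, byte[] presented) {
        return Arrays.equals(expected, presented);
    }

    // Fix recommended in the advisory: MessageDigest.isEqual examines every byte
    // instead of stopping at the first difference. It is not guaranteed to hide a
    // difference in length between the two inputs, so it suits fixed-length values
    // such as MACs or digests best.
    static boolean safeEquals(byte[] expected, byte[] presented) {
        return MessageDigest.isEqual(expected, presented);
    }

    // For variable-length secrets (passwords, opaque tokens): hash both sides first
    // so the compared values are always 32 bytes, then compare in constant time.
    static boolean safeEqualsAnyLength(byte[] expected, byte[] presented) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] a = md.digest(expected);
            byte[] b = md.digest(presented);
            return MessageDigest.isEqual(a, b);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every JDK", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: "secret" stands in for the stored credential,
        // "good"/"bad" for values received from a client.
        byte[] secret = "s3cr3t-session-token".getBytes(StandardCharsets.UTF_8);
        byte[] good = "s3cr3t-session-token".getBytes(StandardCharsets.UTF_8);
        byte[] bad = "s3cr3t-XXXXXXXXXXXXX".getBytes(StandardCharsets.UTF_8);

        System.out.println("unsafe, good:  " + unsafeEquals(secret, good));
        System.out.println("unsafe, bad:   " + unsafeEquals(secret, bad));
        System.out.println("safe, good:    " + safeEquals(secret, good));
        System.out.println("safe, bad:     " + safeEquals(secret, bad));
        System.out.println("hashed, bad:   " + safeEqualsAnyLength(secret, bad));
    }
}
```

When auditing a codebase for this class of bug, grep for Arrays.equals, String.equals and Objects.equals on anything derived from a credential, token, MAC or digest, and route those comparisons through MessageDigest.isEqual.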

Affected products

redhat — wildfly_elytron

