Metric | Value |
---|---|
CVSS2 score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.005 Low |
EPSS percentile | 76.0% |

IO::Socket::SSL is a Perl class implementing an object-oriented interface to SSL sockets.
The vendor reported that IO::Socket::SSL does not properly handle Common Name (CN) fields.
A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using IO::Socket::SSL.
There is no known workaround at this time.
All IO::Socket::SSL users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/IO-Socket-SSL-1.26"
```

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-perl/io-socket-ssl | < 1.26 | UNKNOWN |
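
To confirm whether a host still loads an affected release (< 1.26, per the table above), the following audit helper can be run on it; it is an added example, not part of the advisory or of IO::Socket::SSL. The function names are hypothetical, and it assumes the `perl` found in `PATH` is the interpreter your applications use, so vendored or per-application copies of the module are not covered.

```shell
#!/bin/sh
# Added example: audit helper for the advisory above (not vendor code).
FIXED_VERSION="1.26"   # first fixed version according to the advisory

# Return 0 if $1 is older than $2, comparing as decimal numbers,
# which is how plain Perl $VERSION strings are ordered.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !((a + 0) < (b + 0)) }'
}

# Classify a version string: prints "vulnerable", "fixed" or "unknown".
# Anything that is not a plain decimal (empty, dev releases such as
# 1.26_01, dotted triples) is reported as "unknown" for manual review.
classify_version() {
    case "$1" in
        ''|.|*[!0-9.]*|*.*.*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Ask the local perl which IO::Socket::SSL it would load.
# Prints nothing if perl or the module is missing.
installed_version() {
    perl -MIO::Socket::SSL -e 'print $IO::Socket::SSL::VERSION' 2>/dev/null || true
}

# Report the state of this host in one line.
audit_io_socket_ssl() {
    v=$(installed_version)
    if [ -z "$v" ]; then
        echo "IO::Socket::SSL: not installed or perl not found"
    else
        echo "IO::Socket::SSL $v: $(classify_version "$v")"
    fi
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_io_socket_ssl
fi
```

Run it with `--audit` after the upgrade; a result of `vulnerable` means the old module is still the one Perl resolves first.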