Lucene search

GoogleOSV:GHSA-Q6CQ-M9GM-6Q2F

HistoryDec 25, 2022 - 6:30 a.m.

Slixmpp lacks SSL Certificate hostname validation in XMLStream

2022-12-2506:30:20

Google

osv.dev

slixmpp

ssl certificate

hostname validation

xmlstream

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

44.9%

JSON

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

CPENameOperatorVersion
slixmppeq1.4.0
slixmppeq1.1
slixmppeq1.2
slixmppeq1.8.0.1
slixmppeq1.3.0
slixmppeq1.7.0
slixmppeq1.0.post5
slixmppeq1.6.0
slixmppeq1.5.2
slixmppeq1.0.post3

Name	Operator	Version
slixmpp	eq	1.4.0
slixmpp	eq	1.1
slixmpp	eq	1.2
slixmpp	eq	1.8.0.1
slixmpp	eq	1.3.0
slixmpp	eq	1.7.0
slixmpp	eq	1.0.post5
slixmpp	eq	1.6.0
slixmpp	eq	1.5.2
slixmpp	eq	1.0.post3

Rows per page:

1-10 of 271

References

github.com/poezio/slixmpp

github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py

github.com/poezio/slixmpp/tags

lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa

lab.louiz.org/poezio/slixmpp/-/commits/master

nvd.nist.gov/vuln/detail/CVE-2022-45197

security.gentoo.org/glsa/202305-07

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

44.9%

JSON

Related for OSV:GHSA-Q6CQ-M9GM-6Q2F