CVE-2015-3886

Опубликовано: 21 июл. 2017

Источник: debian

EPSS Низкий

Описание

libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.

Пакет	Статус	Версия исправления	Релиз	Тип
libinfinity	fixed	0.6.6-1		package
libinfinity	fixed	0.6.6-1~deb8u1	jessie	package
libinfinity	not-affected		wheezy	package
libinfinity	not-affected		squeeze	package

https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
https://github.com/gobby/gobby/issues/61
https://www.openwall.com/lists/oss-security/2015/05/12/1

EPSS

Процентиль: 68%

0.00583

Низкий

CVE-2015-3886

CVSS3: 9.8

ubuntu

больше 8 лет назад

libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.

CVE-2015-3886

CVSS3: 9.8

nvd

больше 8 лет назад

libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.

GHSA-fjjv-xp9p-25r7

CVSS3: 9.8

github

больше 3 лет назад

libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.

EPSS

Процентиль: 68%

0.00583

Низкий