Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3694

Опубликовано: 29 окт. 2014
Источник: nvd
CVSS2: 6.4
EPSS Низкий

Описание

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
Версия до 2.10.9 (включая)
cpe:2.3:a:pidgin:pidgin:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.4:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.6:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.7:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.10.8:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.0127
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2014-3694

ubuntu
около 11 лет назад

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

redhat логотип

CVE-2014-3694

CVSS3: 3.1
redhat
около 11 лет назад

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

debian логотип

CVE-2014-3694

debian
около 11 лет назад

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/ ...

github логотип

GHSA-qfvv-4jjj-6cq2

github
больше 3 лет назад

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

oracle-oval логотип

ELSA-2017-1854

oracle-oval
больше 8 лет назад

ELSA-2017-1854: pidgin security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 79%
0.0127
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-310