Описание
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:2.10.9-0ubuntu8 |
| esm-infra-legacy/trusty | released | 1:2.10.9-0ubuntu3.2 |
| lucid | ignored | end of life |
| precise | released | 1:2.10.3-0ubuntu1.6 |
| trusty | released | 1:2.10.9-0ubuntu3.2 |
| trusty/esm | released | 1:2.10.9-0ubuntu3.2 |
| upstream | released | 2.10.10-1 |
| utopic | released | 1:2.10.9-0ubuntu7.1 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/ ...
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
ELSA-2017-1854: pidgin security, bug fix, and enhancement update (MODERATE)
EPSS
6.4 Medium
CVSS2