Описание
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1:20.2.2+dfsg-1ubuntu2 |
| devel | not-affected | 1:23.2.2+dfsg-1 |
| esm-infra-legacy/trusty | not-affected | 1:16.b.3-dfsg-1ubuntu2 |
| esm-infra/bionic | not-affected | 1:20.2.2+dfsg-1ubuntu2 |
| esm-infra/focal | not-affected | 1:22.2.7+dfsg-1 |
| esm-infra/xenial | not-affected | 1:18.3-dfsg-1ubuntu3 |
| focal | not-affected | 1:22.2.7+dfsg-1 |
| groovy | not-affected | 1:23.0.3+dfsg-1ubuntu1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ...
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Уязвимость языка программирования Erlang, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
5 Medium
CVSS2
7.5 High
CVSS3