CVE-2013-4488: Improper Certificate Validation in Libgadu

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 48.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 10
Latest update: Nov 6

Description

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: libgadu/libgadu 1.11.4

🔴 Vulnerability Details (2)

GHSA: GHSA-42c4-xg6q-8r33: libgadu before 1 (2022-05-17)
OSV: CVE-2013-4488: libgadu before 1 (2014-10-10)

📋 Vendor Advisories (2)

Red Hat: libgadu: missing ssl certificate validation (2013-06-02)
Debian: CVE-2013-4488: libgadu - libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which... (2013)

📄 Research Papers (1)

arXiv: Specification-Guided Vulnerability Detection with Large Language Models (2025-11-06)

💬 Community (2)

Bugzilla: CVE-2013-4488 libgadu: missing ssl certificate validation [fedora-all] (2013-11-01)
Bugzilla: CVE-2013-4488 libgadu: missing ssl certificate validation (2013-11-01)