CVE-2014-0350 — Poco C + + Libraries vulnerability

CWE-3108 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

0.2%

top 57.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pocoproject Poco Pocoproject Poco C + + Libraries

Timeline

PublishedApr 26

Latest updateMay 17

Description

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶NVDpocoproject/poco_c_+_+_libraries1.4.6+2

▶Debianpocoproject/poco< 1.3.6p1-5+3

🔴Vulnerability Details

GHSA

GHSA-whgv-p774-rw69: The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1↗2022-05-17

▶

CVEList

CVE-2014-0350: The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1↗2014-04-26

▶

OSV

CVE-2014-0350: The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1↗2014-04-26

▶

📋Vendor Advisories

Debian

CVE-2014-0350: poco - The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ ...↗2014

▶

💬Community

Bugzilla

CVE-2014-0350 poco: certificate validation issue [epel-all]↗2014-04-28

▶

Bugzilla

CVE-2014-0350 poco: certificate validation issue [fedora-all]↗2014-04-28

▶

Bugzilla

CVE-2014-0350 poco: certificate validation issue↗2014-04-28

▶