CVE-2014-3494

CWE-200 — Information Exposure CWE-295 — Improper Certificate Validation7 documents6 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 60.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Kdelibs Opensuse Opensuse

Timeline

PublishedJul 1

Latest updateMay 14

Description

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDkde/kdelibs23 versions+22

▶Ubuntukde4libs< 4:4.13.1-0ubuntu0.2

▶NVDopensuse/opensuse13.1

Patches

Patch: quickgit.kde.org ↗Patch: quickgit.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-rjp2-g39x-38r6: kio/usernotificationhandler↗2022-05-14

▶

OSV

CVE-2014-3494: kio/usernotificationhandler↗2014-07-01

▶

CVEList

CVE-2014-3494: kio/usernotificationhandler↗2014-07-01

▶

📋Vendor Advisories

Red Hat

kdelibs: POP3 kioslave silently accepted invalid SSL certificates↗2014-06-17

▶

💬Community

Bugzilla

CVE-2014-3494 kdelibs: POP3 kioslave silently accepted invalid SSL certificates [fedora-all]↗2014-06-19

▶

Bugzilla

CVE-2014-3494 kdelibs: POP3 kioslave silently accepted invalid SSL certificates↗2014-06-19

▶