CVE-2020-16156Improper Verification of Cryptographic Signature in Perl

CWE-347Improper Verification of Cryptographic Signature6 documents5 sources
Severity
7.8HIGH
No vector
EPSS
0.0%
top 94.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Perl
Timeline
PublishedOct 19
Latest updateJan 15

Description

Title: Perl vulnerability Summary: Perl could be made to by pass signature verification. It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification. Instructions: In general, a standard system update will make all the necessary changes.

Affected Packages1 packages

debiandebian/perl< perl 5.36.0-4 (bookworm)

💥Exploits & PoCs

1
Exploit-DB
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation2021-01-06

📋Vendor Advisories

5
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Perl DBI) — CVE-2020-161562023-01-15
Ubuntu
Perl vulnerability2022-11-28
Ubuntu
Perl vulnerability2022-10-19
Red Hat
perl-CPAN: Bypass of verification of signatures in CHECKSUMS files2021-11-23
Debian
CVE-2020-16156: perl - CPAN 2.28 allows Signature Verification Bypass.2020
CVE-2020-16156 — Debian Perl vulnerability | cvebase