CVE-2022-45197: Improper Certificate Validation in Project Slixmpp

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 71.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 25

Description

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

debian: debian/slixmpp < slixmpp 1.8.3-1 (bookworm)
Debian: slixmpp_project/slixmpp < 1.8.3-1+2

Patches

🔴 Vulnerability Details (3)

GHSA: Slixmpp lacks SSL Certificate hostname validation in XMLStream (2022-12-25)
OSV: CVE-2022-45197: Slixmpp before 1 (2022-12-25)
OSV: Slixmpp lacks SSL Certificate hostname validation in XMLStream (2022-12-25)

📋 Vendor Advisories (1)

Debian: CVE-2022-45197: slixmpp - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, all... (2022)