Your submission was sent successfully! Close

CVE-2014-0350

Published: 26 April 2014

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

Priority

Medium

Status

Package Release Status
poco
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.3.6p1-5)
bionic Not vulnerable
(1.3.6p1-5)
lucid Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty
Released (1.3.6p1-4+deb7u1build1)
upstream
Released (1.4.6p4)
utopic Ignored
(reached end-of-life)
vivid Does not exist

wily Not vulnerable
(1.3.6p1-5)
xenial Not vulnerable
(1.3.6p1-5)
yakkety Not vulnerable
(1.3.6p1-5)
zesty Not vulnerable
(1.3.6p1-5)