Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Slixmpp Project
  • Slixmpp

Configuration 1 [-]

cpe:2.3:a:slixmpp_project:slixmpp:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py Patch Third Party Advisory
https://github.com/poezio/slixmpp/tags Third Party Advisory
https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa Patch Third Party Advisory
https://lab.louiz.org/poezio/slixmpp/-/commits/master Patch Third Party Advisory
https://security.gentoo.org/glsa/202305-07
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-25T00:00:00

Updated: 2023-05-03T00:00:00

Reserved: 2022-11-12T00:00:00

Link: CVE-2022-45197

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2022-12-25T05:15:11.170

Modified: 2023-05-03T12:16:31.023

Link: CVE-2022-45197

JSON object: View

cve-icon Redhat Information

No data.

CWE