Vulnerability Description
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slixmpp Project | Slixmpp | < 1.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py (Patch, Third Party Advisory)
- https://github.com/poezio/slixmpp/tags (Third Party Advisory)
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f (Patch, Third Party Advisory)
- https://lab.louiz.org/poezio/slixmpp/-/commits/master (Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/202305-07
FAQ
What is CVE-2022-45197?
CVE-2022-45197 is a vulnerability with a CVSS score of 7.5 (HIGH). Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
How severe is CVE-2022-45197?
CVE-2022-45197 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45197?
Check the references section above for vendor advisories and patch information. Affected products include: Slixmpp Project Slixmpp.