CVE-2010-4334

NameCVE-2010-4334
DescriptionThe IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs606058

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libio-socket-ssl-perl (PTS)jessie2.002-2+deb8u3fixed
stretch2.044-1fixed
buster2.060-3fixed
bullseye2.069-1fixed
bookworm2.081-2fixed
sid, trixie2.089-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libio-socket-ssl-perlsourcelenny(not affected)
libio-socket-ssl-perlsourcesqueeze1.33-1+squeeze1
libio-socket-ssl-perlsource(unstable)1.35-1606058

Notes

[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems