CVE-2009-3024
EPSS 0.20%
Description
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
How to fix CVE-2009-3024
To remediate CVE-2009-3024, upgrade the affected package to a fixed version below.
- Debian/libio-socket-ssl-perl—upgrade to 1.30-1 or later
Is CVE-2009-3024 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.30-1