CVE-2010-4334
EPSS 0.56%
Description
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.
How to fix CVE-2010-4334
To remediate CVE-2010-4334, upgrade the affected package to the fixed version listed below.
- Debian/libio-socket-ssl-perl: upgrade to 1.35-1 or later
Is CVE-2010-4334 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libio-socket-ssl-perl: from 0, < 1.35-1