7.8

CVE-2020-16156

Exploit
CPAN 2.28 allows Signature Verification Bypass.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerlComprehensive Perl Archive Network Version2.28 Update- SwPlatformperl
PerlComprehensive Perl Archive Network Version2.28 Updatetrial SwPlatformperl
FedoraprojectFedora Version34
FedoraprojectFedora Version35
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.515
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
Third Party Advisory
Exploit
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
Third Party Advisory
Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
Third Party Advisory
Product
https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html