CVE-2021-21374

Exploit

EPSS 1.04%
Veröffentlicht 26.03.2021 22:15:12
Zuletzt bearbeitet 21.11.2024 05:48:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Nimble fails to validate certificates due to insecure httpClient defaults

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 4 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nim-lang ≫ Nim Version < 1.2.10

Nim-lang ≫ Nim Version >= 1.4.0 < 1.4.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.04%	0.594

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
security-advisories@github.com	8.1	2.2	5.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-348 Use of Less Trusted Source

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

CWE-599 Missing Validation of OpenSSL Certificate

The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.

https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/

Third Party Advisory

Exploit

https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130

Third Party Advisory

Release Notes

https://github.com/nim-lang/Nim/pull/16940

Patch

Third Party Advisory

https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21374