CVE-2013-4488 - Vulnerability Details - OpenCVE

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libgadu	Libgadu

Configuration 1 [-]

cpe:2.3:a:libgadu:libgadu:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.mail-archive.com/libgadu-devel%40lists.ziew.org/msg01017.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:185
http://www.openwall.com/lists/oss-security/2013/10/31/5
http://www.securityfocus.com/bid/63473
https://bugzilla.redhat.com/show_bug.cgi?id=1025718
https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html
https://nvd.nist.gov/vuln/detail/CVE-2013-4488
https://security.gentoo.org/glsa/201508-02
https://www.cve.org/CVERecord?id=CVE-2013-4488

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-10-10T01:00:00

Updated: 2024-08-06T16:45:14.587Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4488

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-10T01:55:07.663

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-4488

Redhat

Severity : Moderate

Publid Date: 2013-06-02T00:00:00Z

Links: CVE-2013-4488 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201508-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201508-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1025718"}, {"name": "63473", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/63473"}, {"name": "[oss-security] 20131031 Re: CVE Request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/5"}, {"name": "[libgadu-devel] 20130602 Re: How to Report a Security Bug in libgadu", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/libgadu-devel%40lists.ziew.org/msg01017.html"}, {"name": "MDVSA-2014:185", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:185"}, {"name": "FEDORA-2013-23260", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.587Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201508-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201508-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1025718"}, {"name": "63473", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/63473"}, {"name": "[oss-security] 20131031 Re: CVE Request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/5"}, {"name": "[libgadu-devel] 20130602 Re: How to Report a Security Bug in libgadu", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/libgadu-devel%40lists.ziew.org/msg01017.html"}, {"name": "MDVSA-2014:185", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:185"}, {"name": "FEDORA-2013-23260", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4488", "datePublished": "2014-10-10T01:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.587Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgadu:libgadu:*:*:*:*:*:*:*:*", "matchCriteriaId": "62FAE507-EBA1-4E9F-8C1A-F7B23844883C", "versionEndIncluding": "1.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers."}, {"lang": "es", "value": "libgadu anterior a 1.12.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servers."}], "id": "CVE-2013-4488", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-10T01:55:07.663", "references": [{"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/libgadu-devel%40lists.ziew.org/msg01017.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:185"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/10/31/5"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/63473"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1025718"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201508-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/libgadu-devel%40lists.ziew.org/msg01017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/10/31/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/63473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1025718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125143.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201508-02"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}