Search for packages
| purl | pkg:deb/debian/poco@1.3.6p1-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2yhr-1v3n-p7a4
Aliases: CVE-2023-52389 |
Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. |
Affected by 1 other vulnerability. |
|
VCID-7pjn-2s13-d7by
Aliases: CVE-2014-0350 |
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate. |
Affected by 2 other vulnerabilities. |
|
VCID-9tkd-v4dq-2bd4
Aliases: CVE-2017-1000472 |
security update |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4zzy-q5zp-jkgm | A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. |
CVE-2009-3720
|
| VCID-qtav-hqnd-b7fa | A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. |
CVE-2009-3560
|