VulnerableCode Package Details - pkg:deb/debian/poco@1.3.6p1-5

Search for packages

Vulnerability	Summary	Fixed by
VCID-2yhr-1v3n-p7a4 Aliases: CVE-2023-52389	Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.	1.11.0-3+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-9tkd-v4dq-2bd4 Aliases: CVE-2017-1000472	security update	1.3.6p1-5+deb8u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.7.6+dfsg1-5+deb9u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.9.0-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2yhr-1v3n-p7a4
Aliases:
CVE-2023-52389

Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.

1.11.0-3+deb12u1
Affected by 1 other vulnerability.

VCID-9tkd-v4dq-2bd4
Aliases:
CVE-2017-1000472

security update

1.3.6p1-5+deb8u1
Affected by 2 other vulnerabilities.

1.7.6+dfsg1-5+deb9u1
Affected by 2 other vulnerabilities.

1.9.0-5
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-7pjn-2s13-d7by	The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.	CVE-2014-0350

Vulnerability

Summary

Aliases

VCID-7pjn-2s13-d7by

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

CVE-2014-0350

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:46:31.008443+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:23:32.826140+00:00	Debian Oval Importer	Fixing	VCID-7pjn-2s13-d7by	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:50:12.438352+00:00	Debian Oval Importer	Affected by	VCID-2yhr-1v3n-p7a4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:35:55.028206+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T13:46:45.107890+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-11T23:21:07.348085+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:06:42.459248+00:00	Debian Oval Importer	Fixing	VCID-7pjn-2s13-d7by	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:36:13.966360+00:00	Debian Oval Importer	Affected by	VCID-2yhr-1v3n-p7a4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:24:11.715567+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:35:27.828624+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-08T22:54:25.181628+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:50:57.970122+00:00	Debian Oval Importer	Fixing	VCID-7pjn-2s13-d7by	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:23:44.976842+00:00	Debian Oval Importer	Affected by	VCID-2yhr-1v3n-p7a4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T22:57:43.616339+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:11:06.582197+00:00	Debian Oval Importer	Affected by	VCID-9tkd-v4dq-2bd4	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0