CVE-2022-45197
7.5HIGHSlixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
Published: 12/25/2022Updated: 4/14/2025
Description
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
AI AnalysisPowered by AI
Affected Products
slixmpp_projectslixmpp
References
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.pyPatchThird Party Advisory
- https://github.com/poezio/slixmpp/tagsThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7faPatchThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commits/masterPatchThird Party Advisory
- https://security.gentoo.org/glsa/202305-07
- https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.pyPatchThird Party Advisory
- https://github.com/poezio/slixmpp/tagsThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7faPatchThird Party Advisory
- https://lab.louiz.org/poezio/slixmpp/-/commits/masterPatchThird Party Advisory
- https://security.gentoo.org/glsa/202305-07