Description
Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
SUSE Security Advisories:
- SUSE-SR:2010:011, published Mon, 10 May 2010 14:00:00 +0000
- openSUSE-SU-2010:0183-1, published Thu, 29 Apr 2010 15:08:14 +0200 (CEST)
List of released packages
|Product(s)|Fixed package version(s)|References|
|---|---|---|
|openSUSE Tumbleweed| |Patchnames: openSUSE Tumbleweed GA irssi-0.8.20-3.1|
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 04:08:08 2013
CVE page last modified: Fri Oct 7 12:45:53 2022