VDB
CVE-2017-1000256
CVE-2017-1000256
PUBLISHED
Reported by mitre · Published October 31, 2017
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
| alpine | libvirt | 0, 0 |
Timeline
- Oct 31, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- [libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients mailing-listx_refsource_MLIST
- x_refsource_MISC
- DSA-4003 vendor-advisoryx_refsource_DEBIAN
- x_refsource_CONFIRM