CVE-2020-16156

Published: 13/12/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 608
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

CPAN 2.28 allows Signature Verification Bypass.

Vulnerable Product

perl comprehensive perl archive network 2.28

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Debian Bug report logs - #1015985 perl: CVE-2020-16156. Package: src:perl; Maintainer for src:perl is Niko Tyni <ntyni@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 24 Jul 2022 19:00:02 UTC; Severity: normal; Tags: security
CPAN 2.28 allows Signature Verification Bypass ...
CPAN 2.28 allows for a signature verification bypass ...
A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification (CVE-2020-16156) ...