CVE-2022-2996

NameCVE-2022-2996
DescriptionA flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3180-1
Debian Bugs1018213

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-scciclient (PTS)bullseye0.8.0-2vulnerable
bookworm0.12.3-2fixed
forky, sid, trixie0.16.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-scciclientsourcebuster0.7.2-2+deb10u1DLA-3180-1
python-scciclientsource(unstable)0.12.3-21018213

Notes

[bullseye] - python-scciclient <no-dsa> (Minor issue)
https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
Search for package or bug name: Reporting problems