CVE-2025-45766

Name: CVE-2025-45766
Description: poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| poco (PTS) | bullseye | 1.10.0-6+deb11u1 | vulnerable |
| | bullseye (security) | 1.10.0-6+deb11u2 | vulnerable |
| | bookworm | 1.11.0-3+deb12u1 | vulnerable |
| | forky, sid, trixie | 1.13.0-6 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| poco | source | (unstable) | (unfixed) | unimportant | | |

Notes

https://github.com/pocoproject/poco/issues/4921
Negligible and disputed security impact
