CVE-2019-0223

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-0223

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0223.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-0223

Downstream

DEBIAN-CVE-2019-0223

RHBA-2019:4199

RHSA-2019:0886

RHSA-2019:1398

RHSA-2019:1399

RHSA-2019:1400

RHSA-2019:2777

RHSA-2019:2778

RHSA-2019:2779

RHSA-2019:2780

RHSA-2019:2781

RHSA-2019:2782

SUSE-SU-2024:1074-1

UBUNTU-CVE-2019-0223

openSUSE-SU-2024:13808-1

Related

Published

2019-04-23T16:29:00Z

Modified

2025-08-09T20:01:27Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

References

Affected packages