CVE-2020-16156
Source: https://nvd.nist.gov/vuln/detail/CVE-2020-16156
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-16156.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2020-16156
Related: DLA-3926-1, UBUNTU-CVE-2020-16156, USN-5689-1
Published: 2021-12-13T18:15:07Z
Modified: 2024-10-21T15:50:39.217308Z
Severity: 7.8 (High), CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary: [none]
Details: CPAN 2.28 allows Signature Verification Bypass.
References
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
https://security-tracker.debian.org/tracker/CVE-2020-16156
Affected packages
Debian:11 / perl
  Package name: perl
  Purl: pkg:deb/debian/perl?arch=source
  Affected ranges:
    Type: ECOSYSTEM
    Introduced: 0 (Unknown introduced version / All previous versions are affected)
    Fixed: 5.32.1-4+deb11u4
  Affected versions (5.*): 5.32.1-4, 5.32.1-4+deb11u1, 5.32.1-4+deb11u2, 5.32.1-4+deb11u3
  Ecosystem specific: { "urgency": "not yet assigned" }
Debian:12 / perl
  Package name: perl
  Purl: pkg:deb/debian/perl?arch=source
  Affected ranges:
    Type: ECOSYSTEM
    Introduced: 0 (Unknown introduced version / All previous versions are affected)
    Fixed: 5.36.0-4
  Ecosystem specific: { "urgency": "not yet assigned" }
Debian:13 / perl
  Package name: perl
  Purl: pkg:deb/debian/perl?arch=source
  Affected ranges:
    Type: ECOSYSTEM
    Introduced: 0 (Unknown introduced version / All previous versions are affected)
    Fixed: 5.36.0-4
  Ecosystem specific: { "urgency": "not yet assigned" }