CVE-2025-45766

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-45766

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-45766.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-45766

Downstream

UBUNTU-CVE-2025-45766

Withdrawn

2025-08-17T03:57:24Z

Published

2025-08-06T20:15:28Z

Modified

2025-08-17T04:53:51.443240Z

Summary

[none]

Details

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

References

Affected packages

Debian:11 / poco

Package

Name: poco
Purl: pkg:deb/debian/poco?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.0-6

1.10.0-6+deb11u1

1.10.0-6+deb11u2

1.11.0-1

1.11.0-2

1.11.0-3

1.11.0-3+hurd.1

1.11.0-4

1.11.0-4.1

1.13.0-1

1.13.0-2

1.13.0-3

1.13.0-4

1.13.0-5

1.13.0-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / poco

Package

Name: poco
Purl: pkg:deb/debian/poco?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11.0-3

1.11.0-3+deb12u1

1.11.0-3+hurd.1

1.11.0-4

1.11.0-4.1

1.13.0-1

1.13.0-2

1.13.0-3

1.13.0-4

1.13.0-5

1.13.0-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / poco

Package

Name: poco
Purl: pkg:deb/debian/poco?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.0-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / poco

Package

Name: poco
Purl: pkg:deb/debian/poco?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.0-6

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/pocoproject/poco

Affected ranges

Type: GIT
Repo: https://github.com/pocoproject/poco
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

fee4dccb44396911e9559c6875e88146f64b7f55

Affected versions

poco-1.*

poco-1.10.0-release

poco-1.10.1-release

poco-1.11.0-release

poco-1.11.1

poco-1.11.1-release

poco-1.11.2-release

poco-1.11.3-release

poco-1.14.0-release

poco-1.14.1-release

poco-1.5.1-release

poco-1.5.2-rc1

poco-1.5.2-rc2

poco-1.5.2-rc3

poco-1.5.2-release

poco-1.5.3-rc1

poco-1.5.3-release

poco-1.5.4-release

poco-1.6.0-release

poco-1.6.1-release

poco-1.7.0-release

poco-1.7.1-release

poco-1.7.2-release

poco-1.7.3-release

poco-1.7.4-release

poco-1.7.5-release

poco-1.7.6-release

poco-1.7.7-release

poco-1.7.8-release

poco-1.7.8p1-release

poco-1.7.8p2-release

poco-1.7.8p3-release

poco-1.7.9-release

poco-1.7.9p1-release

poco-1.7.9p2-release

poco-1.8.0-release

poco-1.8.0.1-release

poco-1.8.1-release

poco-1.9.0-release

poco-1.9.1-release

poco-1.9.2-release

poco-1.9.3-release

poco-1.9.4-release