CVE-2020-16156

CPAN 2.28 allows Signature Verification Bypass.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
perlcomprehensive_perl_archive_network
2.28
perlcomprehensive_perl_archive_network
2.28:trial
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
perl
bullseye
vulnerable
buster
no-dsa
stretch
no-dsa
bullseye (security)
5.32.1-4+deb11u4
fixed
bookworm
5.36.0-7+deb12u1
fixed
sid
5.40.0-6
fixed
trixie
5.40.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
perl
lunar
Fixed 5.36.0-4ubuntu2
released
kinetic
Fixed 5.34.0-5ubuntu1.1
released
jammy
Fixed 5.34.0-3ubuntu1.1
released
impish
ignored
hirsute
ignored
focal
Fixed 5.30.0-9ubuntu0.3
released
bionic
Fixed 5.26.1-6ubuntu0.6
released
xenial
Fixed 5.22.1-9ubuntu0.9+esm1
released
trusty
Fixed 5.18.2-2ubuntu1.7+esm4
released
Common Weakness Enumeration
References
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan