CVE-2019-25219

Nov. 1, 2024, 12:57 p.m.

7.5
High

Description

Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used.

Product(s) Impacted

Product Versions
Asio C++ Library
  • ['before 1.13.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References

https://github.com/chriskohlhoff/asio/commit/93337cba7b013150f5aa6194393e1d94be2853ec
https://github.com/chriskohlhoff/asio/compare/asio-1-12-2...asio-1-13-0
https://think-async.com/Asio/

Tags

cve@mitre.org
CWE-1188
2024-10-29
CVE-2019-25219

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    View Vector String

Timeline

Published: Oct. 29, 2024, 5:15 p.m.
Last Modified: Nov. 1, 2024, 12:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.