VYPR
Unrated severityNVD Advisory· Published Aug 31, 2009· Updated Jun 16, 2026

CVE-2009-3024

CVE-2009-3024

Description

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.14:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16_1:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16_2:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16_3:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.25:*:*:*:*:*:*:*
    • (no CPE)range: 1.14 - 1.25

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.