{"id":"CVE-2017-10789","details":"The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.","modified":"2026-03-19T12:30:46.171759Z","published":"2017-07-01T18:29:00.237Z","related":["MGASA-2018-0031","MGASA-2018-0283","SUSE-SU-2018:1449-1","SUSE-SU-2018:1450-1","openSUSE-SU-2024:11160-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99364"},{"type":"ADVISORY","url":"https://github.com/perl5-dbi/DBD-mysql/issues/110"},{"type":"ADVISORY","url":"https://github.com/perl5-dbi/DBD-mysql/pull/114"},{"type":"REPORT","url":"https://github.com/perl5-dbi/DBD-mysql/issues/140"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl5-dbi/dbd-mysql","events":[{"introduced":"0"},{"last_affected":"6fd72e55c9771b25b5775d08a120baae3181806e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.043"}]}}],"versions":["4.030_01","4.030_02","4.031","4.032","4.032_01","4.032_02","4.032_03","4.033","4.033_01","4.033_02","4.033_03","4.034","4.035","4.035_01","4.035_02","4.035_03","4.036","4.037","4.037_01","4.037_02","4.038","4.038_01","4.040","4.041","4.041_01","4.041_2","4.042","4.043","4_012","4_013","4_014","4_015","4_019","4_020","4_022","4_022_1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-10789.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}