CVE-2009-0127

CVE-2009-0127 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.