CVE-2009-0127

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-0127

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-0127.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-0127

Downstream

DEBIAN-CVE-2009-0127

Published

2009-01-15T17:30:00Z

Modified

2026-04-10T03:40:32.686305Z

Summary

[none]

Details

M2Crypto does not properly check the return value from the OpenSSL EVPVerifyFinal, DSAverify, ECDSAverify, DSAdoverify, and ECDSAdo_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.

Database specific

{
    "isDisputed": true
}

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515
http://openwall.com/lists/oss-security/2009/01/12/4
https://bugzilla.redhat.com/show_bug.cgi?id=479676
https://bugzilla.redhat.com/show_bug.cgi?id=479676

CVE-2009-0127

Affected packages