CVE-2009-0130

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-0130

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-0130.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-0130

Downstream

DEBIAN-CVE-2009-0130

Published

2009-01-15T17:30:00Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.

Database specific

{
    "isDisputed": true
}

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520
http://openwall.com/lists/oss-security/2009/01/12/4

CVE-2009-0130

Affected packages