Vulnerability CVE-2009-1415: Information

Description

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

Severity: MEDIUM (4.3)

Published: May 1, 2009
Modified: Feb. 9, 2024
Weakness type identifier (CWE): CWE-824

References to Advisories, Solutions, and Tools

Hyperlink (Resource tags)

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488 (Broken Link; Exploit)
[gnutls-devel] 20090423 Re: some crashes on using DSA keys (Broken Link)
[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415] (Broken Link; Patch)
34842 (Broken Link; Vendor Advisory)
1022157 (Broken Link; Third Party Advisory; VDB Entry)
ADV-2009-1218 (Broken Link)
34783 (Broken Link; Third Party Advisory; VDB Entry)
MDVSA-2009:116 (Broken Link)
GLSA-200905-04 (Third Party Advisory)
35211 (Broken Link)
gnutls-libgnutls-dos(50445) (Third Party Advisory; VDB Entry)
gnutls-dsa-dos(50260) (Not Applicable)
gnutls-dsa-code-execution(50257) (Third Party Advisory; VDB Entry)
Configuration 1

  cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
  Version range end (excluding): 2.6.6