Vulnerability CVE-2009-1415: Information
Description
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
Severity: MEDIUM (4.3)
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488 | |
[gnutls-devel] 20090423 Re: some crashes on using DSA keys | |
[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415] | |
34842 | |
1022157 | |
ADV-2009-1218 | |
34783 | |
MDVSA-2009:116 | |
GLSA-200905-04 | |
35211 | |
gnutls-libgnutls-dos(50445) | |
gnutls-dsa-dos(50260) | |
gnutls-dsa-code-execution(50257) | |