CVE-2009-0129 — Improper Authentication in Libcrypt-openssl-dsa-perl

CWE-287 — Improper Authentication6 documents6 sources

Severity

5.0MEDIUMNVD

OSV5.8

EPSS

0.1%

top 77.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl-openssl Libcrypt-openssl-dsa-perl Debian Libcrypt-openssl-dsa-perl

Timeline

PublishedJan 15

Latest updateMay 2

Description

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/libcrypt-openssl-dsa-perl< libcrypt-openssl-dsa-perl 0.13-4 (bookworm)

▶Debianperl-openssl/libcrypt-openssl-dsa-perl< 0.13-4+3

▶NVDperl-openssl/libcrypt-openssl-dsa-perl_nil_

🔴Vulnerability Details

GHSA

GHSA-cvwp-gwp2-6xqh: libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote a↗2022-05-02

▶

OSV

CVE-2009-0129: libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote a↗2009-01-15

▶

📋Vendor Advisories

Red Hat

perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()↗2009-01-11

▶

Debian

CVE-2009-0129: libcrypt-openssl-dsa-perl - libcrypt-openssl-dsa-perl does not properly check the return value from the Open...↗2009

▶

💬Community

Bugzilla

CVE-2009-0129 perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()↗2009-02-17

▶