CVE-2009-2409
published 2009-07-30CVE-2009-2409: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products…
medium5.1CVSS 3.1
AVNACHAuNCPIPAP
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nss | < nss 3.12.3-1 (bookworm) | nss 3.12.3-1 (bookworm) |
| debian | openssl | < nss 3.12.3-1 (bookworm) | nss 3.12.3-1 (bookworm) |
| gnu | gnutls | < 2.6.4 | 2.6.4 |
| gnu | gnutls | >= 2.7.0 < 2.7.4 | 2.7.4 |
| chrome | <= 2.0.172.37 | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv5.1MEDIUM