CVE-2009-1416

2009-04-3020:30:00

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.028

Percentile

90.7%

JSON

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

Affected configurations

Nvd

Node

gnugnutlsMatch2.5.0

gnugnutlsMatch2.6.0

gnugnutlsMatch2.6.1

gnugnutlsMatch2.6.2

gnugnutlsMatch2.6.3

gnugnutlsMatch2.6.4

gnugnutlsMatch2.6.5

VendorProductVersionCPE
gnugnutls2.5.0cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
gnugnutls2.6.0cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
gnugnutls2.6.1cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
gnugnutls2.6.2cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
gnugnutls2.6.3cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
gnugnutls2.6.4cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
gnugnutls2.6.5cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	gnutls	2.5.0	cpe:2.3:a:gnu:gnutls:2.5.0:::::::*
gnu	gnutls	2.6.0	cpe:2.3:a:gnu:gnutls:2.6.0:::::::*
gnu	gnutls	2.6.1	cpe:2.3:a:gnu:gnutls:2.6.1:::::::*
gnu	gnutls	2.6.2	cpe:2.3:a:gnu:gnutls:2.6.2:::::::*
gnu	gnutls	2.6.3	cpe:2.3:a:gnu:gnutls:2.6.3:::::::*
gnu	gnutls	2.6.4	cpe:2.3:a:gnu:gnutls:2.6.4:::::::*
gnu	gnutls	2.6.5	cpe:2.3:a:gnu:gnutls:2.6.5:::::::*