3 matches found
EUVD-2009-0058
Malware in sbrugna...
[oCERT-2008-016] Multiple OpenSSL signature verification API misuses
2008-016 multiple OpenSSL signature verification API misuse Description: Several functions inside the OpenSSL library incorrectly check the result after calling the EVPVerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue...
Input validation
Belgian eID middleware eidlib 2.6.0 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...