2 matches found
Input validation
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
CVE-2009-0047
CVE-2009-0047 affects Gale 0.99 and earlier due to improper checking of the OpenSSL EVP_VerifyFinal return value, allowing a remote attacker to bypass certificate-chain validation via a malformed SSL/TLS signature for DSA/ECDSA keys. The root cause is the same class of issue described in CVE-2008...