6 matches found
EUVD-2009-0057
Malware in sbrugna...
[oCERT-2008-016] Multiple OpenSSL signature verification API misuses
2008-016 multiple OpenSSL signature verification API misuse Description: Several functions inside the OpenSSL library incorrectly check the result after calling the EVPVerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue...
CVE-2009-0048
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
Input validation
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
CVE-2009-0048
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
CVE-2009-0048
OpenEvidence 1.0.6 and earlier are affected by CVE-2009-0048 due to not properly checking the return value from OpenSSL EVP_VerifyFinal, enabling remote attackers to bypass certificate-chain validation via a malformed SSL/TLS signature for DSA and ECDSA keys. Root cause: failed validation check i...