Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.002 Low |
Percentile | 56.6% |

DISPUTED: lib/crypto/c_src/crypto_drv.c in Erlang does not properly
check the return value from the OpenSSL DSA_do_verify function, which might
allow remote attackers to bypass validation of the certificate chain via a
malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
NOTE: a package maintainer disputes this issue, reporting that there is a
proper check within the only code that uses the applicable part of
crypto_drv.c, and thus "this report is invalid."

Author | Note |
---|---|
mdeslaur | may not be an issue per Debian bug report; let's ignore this |