Erlang DSA Signature Verification Vulnerability Affecting OpenSSL
CVE-2009-0130

7.5HIGH

Key Information:

Vendor: Erlang
Status: Erlang
Vendor: CVE Published:; 15 January 2009

What is CVE-2009-0130?

In Erlang, a flaw exists in the library handling cryptographic functions, where the return value from the OpenSSL DSA_do_verify function is not adequately checked. This lack of verification could allow remote attackers to bypass the expected validation process for certificate chains, potentially leading to unauthorized access or the exploitation of secure channels via manipulated SSL/TLS signatures. Although a package maintainer argues that proper checks are in place within the pertinent code, this vulnerability raises significant concerns about the robustness of SSL/TLS implementations in affected versions.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520

x_refsource_MISC

http://openwall.com/lists/oss-security/2009/01/12/4

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 15, 2009