Back to search
CVE-2009-1416
Published: Apr 30, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[help-gnutls] 20090420 Encryption using DSA keys
mailing-list
x_refsource_MLIST
[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]
mailing-list
x_refsource_MLIST
1022158
vdb-entry
x_refsource_SECTRACK
ADV-2009-1218
vdb-entry
x_refsource_VUPEN
34783
vdb-entry
x_refsource_BID
GLSA-200905-04
vendor-advisory
x_refsource_GENTOO
34842
third-party-advisory
x_refsource_SECUNIA
35211
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:116
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now