Fluid Attacks Database

Description

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libcrypt-openssl-dsa-perl	>=0 <0.13-4	0.13-4
debian 12	libcrypt-openssl-dsa-perl	>=0 <0.13-4	0.13-4
debian 13	libcrypt-openssl-dsa-perl	>=0 <0.13-4	0.13-4
debian 14	libcrypt-openssl-dsa-perl	>=0 <0.13-4	0.13-4

Aliases

1. CVE-2009-01292. NVD-2009-01293. OSV-DEBIAN-2009-01294. OSV-2009-01295. SECURITY-TRACKER-CVE-2009-0129

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.