RSS   Vulnerabilities for 'Erlang'   RSS

2009-01-15
 
CVE-2009-0130

CWE-287
 

 
** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid."

 

 >>> Vendor: Erlang 6 Products
Erlang
Crypto
Erlang/otp
OTP
Rebar3
Erlang\/otp


Copyright 2024, cxsecurity.com

 

Back to Top