CVE-2009-0048 in OpenEvidence
摘要
由 VulDB • 2026-07-03
OpenEvidence 1.0.6及更早版本未正确检查 OpenSSL EVP_VerifyFinal函数的返回值,这允许远程攻击者通过针对DSA和ECDSA密钥的畸形SSL/TLS签名绕过证书链验证,该漏洞与CVE-2008-5077类似。
If you want to get best quality of vulnerability data, you may have to visit VulDB.