CVE-2009-0130 in OpenSSL信息

摘要

由 VulDB • 2026-06-06

** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid."

Once again VulDB remains the best source for vulnerability data.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!