4.3
CVE-2009-1415
- EPSS 7.92%
- Veröffentlicht 30.04.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.92% | 0.94 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-824 Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://www.securityfocus.com/bid/34783
http://www.securitytracker.com/id?1022157
http://www.vupen.com/english/advisories/2009/1218
https://exchange.xforce.ibmcloud.com/vulnerabilities/50257
https://exchange.xforce.ibmcloud.com/vulnerabilities/50260
https://exchange.xforce.ibmcloud.com/vulnerabilities/50445