Security Advisory

CVE-2008-5077

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2009-01-07 17:00:00
Last updated: 2024-08-07 10:40:16
Assigner: redhat
State: PUBLISHED

Description

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
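
The class of return-value mistake described above, as an added C example (not OpenSSL source and not part of the original advisory). toy_verify, chain_ok_flawed, chain_ok_fixed and the sample byte strings are constructed stand-ins; they assume the EVP_VerifyFinal convention of 1 for a valid signature, 0 for an invalid one and a negative value on error.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the payload a valid signature must carry. */
static const unsigned char EXPECT[]        = {0xAA, 0xBB};
static const unsigned char SIG_GOOD[]      = {0x30, 0x02, 0xAA, 0xBB};
static const unsigned char SIG_WRONG[]     = {0x30, 0x02, 0xAA, 0xCC};
static const unsigned char SIG_MALFORMED[] = {0x31, 0x02, 0xAA, 0xCC};

/* Toy stand-in (hypothetical, not an OpenSSL function) with the same
 * tri-state result as EVP_VerifyFinal: 1 valid, 0 invalid, -1 error.
 * A "signature" here is a 0x30 tag, one length byte, then the payload. */
static int toy_verify(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                      /* encoding cannot be parsed */
    if (len - 2 != sizeof EXPECT || memcmp(sig + 2, EXPECT, sizeof EXPECT) != 0)
        return 0;                       /* well-formed but does not verify */
    return 1;
}

/* Flawed check: only 0 counts as failure, so the -1 error result
 * falls through and the malformed signature is accepted. */
int chain_ok_flawed(const unsigned char *sig, size_t len)
{
    if (!toy_verify(sig, len))
        return 0;
    return 1;
}

/* Corrected check: every result other than 1 is a rejection. */
int chain_ok_fixed(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) == 1;
}

int main(void)
{
    printf("input      flawed fixed\n");
    printf("good       %d      %d\n", chain_ok_flawed(SIG_GOOD, sizeof SIG_GOOD),
           chain_ok_fixed(SIG_GOOD, sizeof SIG_GOOD));
    printf("wrong      %d      %d\n", chain_ok_flawed(SIG_WRONG, sizeof SIG_WRONG),
           chain_ok_fixed(SIG_WRONG, sizeof SIG_WRONG));
    printf("malformed  %d      %d\n", chain_ok_flawed(SIG_MALFORMED, sizeof SIG_MALFORMED),
           chain_ok_fixed(SIG_MALFORMED, sizeof SIG_MALFORMED));
    return 0;
}
```

When auditing code for this pattern, look for verify calls whose result is tested with `!` or `== 0` rather than compared against 1.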