Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-1416
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-30 Apr, 2009 | 20:30
Updated At-23 Apr, 2026 | 00:35

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
GNU
gnu
>>gnutls>>2.5.0
cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.6.0
cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.6.1
cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.6.2
cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.6.3
cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.6.4
cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
GNU
gnu
>>gnutls>>2.6.5
cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-09-21T00:00:00

Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.

References
HyperlinkSourceResource
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516cve@mitre.org
Exploit
Patch
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.htmlcve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34842cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35211cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200905-04.xmlcve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116cve@mitre.org
N/A
http://www.securityfocus.com/bid/34783cve@mitre.org
N/A
http://www.securitytracker.com/id?1022158cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1218cve@mitre.org
N/A
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34842af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/35211af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200905-04.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/34783af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1022158af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1218af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
Source: cve@mitre.org
Resource:
Exploit
Patch
Hyperlink: http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34842
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35211
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200905-04.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34783
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1022158
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1218
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34842
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35211
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200905-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34783
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1022158
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1218
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found