CVE-2008-5077

Published: 07 January 2009

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Priority

High

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
Upstream
Released (0.9.8j)