What is the severity of CVE-2009-0130?

CVE-2009-0130 is considered a medium severity vulnerability that could lead to the bypass of certificate chain validation.

How do I fix CVE-2009-0130?

To fix CVE-2009-0130, upgrade to a patched version of Erlang that addresses the vulnerability in the crypto_drv.c file.

What types of attacks can exploit CVE-2009-0130?

CVE-2009-0130 can be exploited by remote attackers to bypass SSL/TLS signature validation using a malformed certificate.

Which software versions are affected by CVE-2009-0130?

CVE-2009-0130 affects versions of Erlang/OTP that utilize the vulnerable crypto_drv.c implementation without proper return value checks.

Is CVE-2009-0130 related to any other vulnerabilities?

Yes, CVE-2009-0130 is similar to CVE-2008-5077 in its nature of allowing certificate validation bypass.

Vulnerability/
CVE-2009-0130

high

7.5

CWE

287

15/1/2009

21/1/2025

CVE-2009-0130

First published: Thu Jan 15 2009(Updated: )

** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Nim	=_nil_

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0130?
CVE-2009-0130 is considered a medium severity vulnerability that could lead to the bypass of certificate chain validation.
How do I fix CVE-2009-0130?
To fix CVE-2009-0130, upgrade to a patched version of Erlang that addresses the vulnerability in the crypto_drv.c file.
What types of attacks can exploit CVE-2009-0130?
CVE-2009-0130 can be exploited by remote attackers to bypass SSL/TLS signature validation using a malformed certificate.
Which software versions are affected by CVE-2009-0130?
CVE-2009-0130 affects versions of Erlang/OTP that utilize the vulnerable crypto_drv.c implementation without proper return value checks.
Is CVE-2009-0130 related to any other vulnerabilities?
Yes, CVE-2009-0130 is similar to CVE-2008-5077 in its nature of allowing certificate validation bypass.

agent/references
agent/author
agent/type
agent/weakness
agent/status
agent/description
agent/first-publish-date
agent/event
agent/source
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
vendor/erlang
canonical/nim
version/nim/_nil_
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.