CVE-2020-9432
First published: Thu Feb 27 2020(Updated: )
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSL | =0.7.7-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-9432.
What is the severity of CVE-2020-9432?
The severity of CVE-2020-9432 is critical with a CVSS score of 9.1.
What is affected by CVE-2020-9432?
The Lua-openssl project version 0.7.7-1 is affected by CVE-2020-9432.
How does CVE-2020-9432 impact X.509 certificate validation?
CVE-2020-9432 impacts X.509 certificate validation in lua-openssl 0.7.7-1 because it mishandles certain non-boolean return values.
Is there a fix available for CVE-2020-9432?
Yes, a fix for CVE-2020-9432 is available. Please refer to the provided reference for more information.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lua-openssl project
- canonical/openssl
- version/openssl/0.7.7-1