CVE-2009-1416 : lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys st

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

Published 2009-04-30 20:30:01

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-1416

GNU » Gnutls » Version: 2.6.3
cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
Matching versions
GNU » Gnutls » Version: 2.6.4
cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
Matching versions
GNU » Gnutls » Version: 2.6.1
cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
Matching versions
GNU » Gnutls » Version: 2.6.2
cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
Matching versions
GNU » Gnutls » Version: 2.6.0
cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
Matching versions
GNU » Gnutls » Version: 2.5.0
cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
Matching versions
GNU » Gnutls » Version: 2.6.5
cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1416

EPSS FAQ

5.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1416

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-1416

CWE-310

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2009-1416

Red Hat 2009-09-21

Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.

References for CVE-2009-1416

http://www.securitytracker.com/id?1022158
http://secunia.com/advisories/35211

About Secunia Research | Flexera

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116

Mandriva

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1218

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html

Vendor Advisory
http://security.gentoo.org/glsa/glsa-200905-04.xml

GnuTLS: Multiple vulnerabilities (GLSA 200905-04) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/34783

CVEs referencing this url
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516

Exploit;Patch
http://secunia.com/advisories/34842

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url