CVE-2009-0265

HIGH Year: 2009
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-252
View all →

Vulnerability Description

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

Related Vulnerabilities

CVE-2002-1372

HIGH
CVSS:7.5(High)

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of servi...

CWE-2522002

CVE-2018-14367

HIGH
CVSS:7.5(High)

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

CWE-2522018

CVE-2018-20216

HIGH
CVSS:7.5(High)

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).

CWE-2522018

CVE-2019-10902

HIGH
CVSS:7.5(High)

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

CWE-2522019

CVE-2019-12107

HIGH
CVSS:7.5(High)

The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.

CWE-2522019

CVE-2019-17178

HIGH
CVSS:7.5(High)

HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argume...

CWE-2522019