CVE-2009-1415

MEDIUM Year: 2009
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-824
View all →

Vulnerability Description

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

Related Vulnerabilities

CVE-2017-12561

CRITICAL
CVSS:9.8(Critical)

A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found.

CWE-8242017

CVE-2018-11743

CRITICAL
CVSS:9.8(Critical)

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and applic...

CWE-8242018

CVE-2018-14356

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

CWE-8242018

CVE-2020-11138

CRITICAL
CVSS:9.8(Critical)

Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi...

CWE-8242020

CVE-2020-17446

CRITICAL
CVSS:9.8(Critical)

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized poin...

CWE-8242020

CVE-2020-25573

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.

CWE-8242020