CVE-2009-0050
lasso - validation bypass
EPSS 0.15%
Description
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
How to fix CVE-2009-0050
To remediate CVE-2009-0050, upgrade the affected package to a fixed version below.
- Debian/lasso—upgrade to 2.2.1-2 or later
- Debian/lasso—upgrade to 0.6.5-3+etch1 or later
Is CVE-2009-0050 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.2.1-2
- from 0, < 0.6.5-3+etch1