CVE-2009-0126
EPSS 0.50%boinc - validation bypass
發布日:2009/1/15修改日:2026/3/9
描述
The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
受影響套件(2)
- Debian/boincfrom 0, < 6.2.14-3
- Debian/boincfrom 0, < 5.4.11-4+etch1