Sha256: 15d906bdfa87abad808807e19bcd6798d3936881c68563853643e83adc9a1227

Contents?: true

Size: 573 Bytes

Versions: 6

Compression:

Stored size: 573 Bytes

Contents

---
engine: ruby
cve: 2009-0642
url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528
title: Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
date: 2009-01-29
description: |
  ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the
  return value from the OCSP_basic_verify function, which might allow remote
  attackers to successfully present an invalid X.509 certificate, possibly
  involving a revoked certificate.
cvss_v2: 6.8
patched_versions:
  - ~> 1.8.6.369
  - ~> 1.8.7.173
  - ~> 1.9.1.129
  - ">= 1.9.2.preview.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                 Path
bundler-audit-0.7.0.1   data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml
bundler-budit-0.6.2     data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml
bundler-budit-0.6.1     data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml
bundler-audit-0.6.1     data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml
bundler-audit-0.6.0     data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml
bundler-audit-0.5.0     data/ruby-advisory-db/rubies/ruby/CVE-2009-0642.yml