CVE-2009-0124

Name of the Vulnerable Software and Affected Versions tqsllib version 2.0

Description The issue arises from the tqsl verifyDataBlock function in openssl cert.cpp, which fails to properly check the return value from the OpenSSL EVP VerifyFinal function. This allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.

Recommendations For tqsllib version 2.0, ensure that the tqsl verifyDataBlock function correctly checks the return value from the OpenSSL EVP VerifyFinal function to prevent bypassing of certificate chain validation. As a temporary workaround, consider restricting the use of the tqsl verifyDataBlock function until a patch is available.