CVE-2009-0591

Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.8h through 0.9.8j

Description The issue is related to the CMS verify function in OpenSSL, which does not properly handle errors associated with malformed signed attributes when CMS is enabled. This allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

Recommendations For OpenSSL versions 0.9.8h through 0.9.8j, consider disabling the CMS verify function until a patch is available. Restrict access to CMS functionality to minimize the risk of exploitation.