PT-2009-6711 · Lasso+1 · Lasso+4
Published: 1970-01-01 · Updated: 2018-10-11 · CVE-2009-0050
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Lasso versions prior to 2.2.1
liblasso3-dev (affected versions not specified)
liblasso3 (affected versions not specified)
liblasso-java (affected versions not specified)
Description
Multiple vulnerabilities in the Lasso and liblasso packages allow a remote attacker to compromise the integrity of protected information. Lasso 2.2.1 and earlier does not properly check the return value of the OpenSSL DSA verify function: because an error result is treated like a successful verification, a remote attacker can bypass validation of the certificate chain via a malformed SSL/TLS signature.
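The defect class behind this entry, shown as an added example (not Lasso's or OpenSSL's code): `dsa_verify_stub()` is a constructed stand-in that follows the OpenSSL `DSA_verify()` return contract (1 = valid, 0 = invalid, -1 = error such as an undecodable signature), and the two callers show the vulnerable "non-zero means verified" check beside the corrected "exactly 1 means verified" check. The sample signature bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define DSA_SIG_LEN 40   /* raw r||s of a 160-bit DSA signature */

/* Constructed sample inputs (not real signatures). */
const unsigned char GOOD_SIG[DSA_SIG_LEN] = { 0xA5 };            /* rest zero */
const unsigned char BAD_SIG[DSA_SIG_LEN]  = { 0x5A };            /* wrong value */
const unsigned char TRUNC_SIG[3]          = { 0xA5, 0x5A, 0x00 }; /* malformed */

/* Stand-in for DSA_verify(): 1 = valid, 0 = invalid, -1 = decode error. */
static int dsa_verify_stub(const unsigned char *sig, size_t sig_len)
{
    if (sig_len != DSA_SIG_LEN)
        return -1;                 /* could not decode: an error, not a verdict */
    return memcmp(sig, GOOD_SIG, DSA_SIG_LEN) == 0 ? 1 : 0;
}

/* Vulnerable pattern: any non-zero return is taken as "verified", so the
 * -1 error path for a malformed signature is accepted like a valid one. */
int accepts_vulnerable(const unsigned char *sig, size_t sig_len)
{
    int ret = dsa_verify_stub(sig, sig_len);
    if (ret)                       /* BUG: -1 is non-zero and therefore "true" */
        return 1;
    return 0;
}

/* Fixed pattern: only the exact success value 1 counts as verified;
 * both 0 (bad signature) and -1 (error) are rejected. */
int accepts_fixed(const unsigned char *sig, size_t sig_len)
{
    int ret = dsa_verify_stub(sig, sig_len);
    return ret == 1;
}

int main(void)
{
    printf("truncated signature: vulnerable=%d fixed=%d\n",
           accepts_vulnerable(TRUNC_SIG, sizeof TRUNC_SIG),
           accepts_fixed(TRUNC_SIG, sizeof TRUNC_SIG));
    return 0;
}
```

When reviewing code that calls any OpenSSL `*_verify` function, the check to look for is a comparison against 1, not a truthiness test on the return value.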
Recommendations
For Lasso versions prior to 2.2.1, update to a version that properly checks the return value from the OpenSSL DSA verify function.
For liblasso3-dev, liblasso3, and liblasso-java, no information is currently available about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Lasso
Openssl
Liblasso-Java
Liblasso3
Liblasso3-Dev