BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[oCERT-2008-016] Multiple OpenSSL signature verification API misuses Jan 07 2009 02:56PM
Will Drewry (redpig ocert org)
#2008-016 multiple OpenSSL signature verification API misuse

Description:

Several functions inside the OpenSSL library incorrectly check the result
after calling the EVP_VerifyFinal function.

This bug allows a malformed signature to be treated as a good signature
rather than as an error. This iss...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus