Unrated severityNVD Advisory· Published Mar 27, 2009· Updated Apr 23, 2026
CVE-2009-0591
CVE-2009-0591
Description
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Affected products
3cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
28- secunia.com/advisories/34411nvdVendor Advisory
- secunia.com/advisories/34460nvdVendor Advisory
- voodoo-circle.sourceforge.net/sa/sa-20090326-01.htmlnvdVendor Advisory
- www.openssl.org/news/secadv_20090325.txtnvdVendor Advisory
- www.vupen.com/english/advisories/2009/0850nvdVendor Advisory
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascnvd
- lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlnvd
- marc.infonvd
- marc.infonvd
- secunia.com/advisories/34666nvd
- secunia.com/advisories/35065nvd
- secunia.com/advisories/35380nvd
- secunia.com/advisories/35729nvd
- secunia.com/advisories/36701nvd
- secunia.com/advisories/42724nvd
- secunia.com/advisories/42733nvd
- securitytracker.com/idnvd
- sourceforge.net/project/shownotes.phpnvd
- support.apple.com/kb/HT3865nvd
- www.osvdb.org/52865nvd
- www.php.net/archive/2009.phpnvd
- www.securityfocus.com/bid/34256nvd
- www.vupen.com/english/advisories/2009/1020nvd
- www.vupen.com/english/advisories/2009/1175nvd
- www.vupen.com/english/advisories/2009/1548nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/49432nvd
- kb.bluecoat.com/indexnvd
News mentions
0No linked articles in our index yet.