Unrated severityNVD Advisory· Published Apr 30, 2009· Updated Apr 23, 2026

CVE-2009-1416

Description

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

Affected products

GNU/Gnutls7 versions
cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516nvdExploitPatch
lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.htmlnvdVendor Advisory
secunia.com/advisories/34842nvdVendor Advisory
secunia.com/advisories/35211nvd
security.gentoo.org/glsa/glsa-200905-04.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/34783nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2009/1218nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000