Unrated severityNVD Advisory· Published Sep 29, 2009· Updated Apr 23, 2026

CVE-2009-3477

Description

The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Affected products

Rim/Blackberry Device Software5 versions
cpe:2.3:a:rim:blackberry_device_software:4.5.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:rim:blackberry_device_software:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_device_software:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_device_software:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_device_software:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:rim:blackberry_device_software:4.7.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/36875nvdVendor Advisory
www.blackberry.com/btsc/viewContent.donvdVendor Advisory
www.securityfocus.com/bid/36528nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/53490nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000