CVE-2009-1415

Name: CVE-2009-1415
Creator: NVD / NIST
Published: 2009-04-30T20:30:00.563+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.92%

Last modified Jun 16, 2026

CVE-2009-1415 is a vulnerability of currently unknown severity. lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.. EPSS estimates a 7.92% chance of exploitation in the next 30 days.

Description

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

Metrics

EPSS Probability

7.92%

94.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-824

Affected Software

Vendor	Product	Versions
Gnu	Gnutls	< 2.6.6

References

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515Broken Link, Patch
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502Broken Link
http://secunia.com/advisories/34842Broken Link, Vendor Advisory
http://secunia.com/advisories/35211Broken Link
http://security.gentoo.org/glsa/glsa-200905-04.xmlThird Party Advisory
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488Broken Link, Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116Broken Link
http://www.securityfocus.com/bid/34783Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1022157Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2009/1218Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50257Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50260Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/50445Third Party Advisory, VDB Entry
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515Broken Link, Patch
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502Broken Link
http://secunia.com/advisories/34842Broken Link, Vendor Advisory
http://secunia.com/advisories/35211Broken Link
http://security.gentoo.org/glsa/glsa-200905-04.xmlThird Party Advisory
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488Broken Link, Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116Broken Link
http://www.securityfocus.com/bid/34783Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1022157Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2009/1218Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50257Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50260Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/50445Third Party Advisory, VDB Entry

Timeline

Published: Apr 30, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-1415?

How severe is CVE-2009-1415?

Severity scoring for CVE-2009-1415 is pending analysis. The EPSS model estimates a 7.92% probability of exploitation in the next 30 days.

How do I fix CVE-2009-1415?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-1415?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST