CVE-2009-2409

Published: 7/30/2009
Last updated: 8/7/2024
Reserved: 7/9/2009

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Opam packages affected (11)

conf-gnutls, conf-libcurl, conf-libssl, conf-mingw-w64-gnutls-i686, conf-mingw-w64-gnutls-x86_64, conf-mingw-w64-openssl-i686, conf-mingw-w64-openssl-x86_64, conf-openssl, conf-srt, conf-srt-gnutls, conf-srt-openssl

Products affected (1)

| Product | Vendor | Version |
|---------|--------|---------|
| n/a | n/a | < 10.0.17763.3887 |

References (74)