Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
erlang _nil_ 授权问题漏洞
Vulnerability Description
** 有争议的 **erlang中的lib/crypto/c_src/crypto_drv.c没有正确的检查来自OpenSSL DSA_do_verify函数的返回值,这可能使得远程攻击者可以借助一个畸形的SSL/TLS签名,来绕过对信任证书链的校验。
CVSS Information
N/A
Vulnerability Type
N/A