Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
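The defect described above is a return-value check, not a cryptographic flaw: OpenSSL's EVP_VerifyFinal returns 1 for a good signature, 0 for a well-formed signature that does not match, and -1 when verification errors out (for example because a DSA/ECDSA signature blob cannot be decoded). Code that treats "non-zero" as success therefore accepts the error case. The following added example (not Gale's source; it uses a constructed stand-in for EVP_VerifyFinal so it runs without linking OpenSSL) contrasts that check with the correct one:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return-value convention of EVP_VerifyFinal():
 *   1  signature verified
 *   0  signature well-formed but does not match
 *  -1  error, e.g. the DSA/ECDSA signature could not be decoded */
enum { VERIFY_OK = 1, VERIFY_BAD = 0, VERIFY_ERROR = -1 };

/* Constructed stand-in for EVP_VerifyFinal (NOT the OpenSSL function):
 * it only models the three return values above on a tiny DER-like input. */
static int fake_verify_final(const unsigned char *sig, size_t siglen)
{
    /* Constructed "good" signature: a SEQUENCE of two small INTEGERs. */
    static const unsigned char good[] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};

    if (siglen < 2 || sig[0] != 0x30 || sig[1] != siglen - 2)
        return VERIFY_ERROR;                 /* malformed: decode failure */
    if (siglen == sizeof good && memcmp(sig, good, siglen) == 0)
        return VERIFY_OK;
    return VERIFY_BAD;                       /* well-formed, wrong signature */
}

/* Vulnerable pattern: any non-zero return is taken as success, so -1 passes. */
int vulnerable_accepts(const unsigned char *sig, size_t siglen)
{
    return fake_verify_final(sig, siglen) != 0;
}

/* Fixed pattern: only an explicit 1 means the signature verified. */
int fixed_accepts(const unsigned char *sig, size_t siglen)
{
    return fake_verify_final(sig, siglen) == 1;
}

int main(void)
{
    /* Constructed malformed blob: length byte claims 16 bytes, only 2 present. */
    const unsigned char malformed[] = {0x30, 0x10};
    printf("malformed signature: vulnerable check accepts=%d, fixed check accepts=%d\n",
           vulnerable_accepts(malformed, sizeof malformed),
           fixed_accepts(malformed, sizeof malformed));
    return 0;
}
```

The same "== 1" discipline applies to every OpenSSL verification routine that can return a negative error code.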
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gale | Gale | 0.18c | 0.18c |
Gale | Gale | 0.17 | 0.17 |
Gale | Gale | 0.20a | 0.20a |
Gale | Gale | 0.19b | 0.19b |
Gale | Gale | 0.21 | 0.21 |
Gale | Gale | * | 0.99 |
Gale | Gale | 0.15b | 0.15b |
Gale | Gale | 0.90b | 0.90b |
Gale | Gale | 0.91b | 0.91b |
Gale | Gale | 0.19 | 0.19 |
Gale | Gale | 0.18b | 0.18b |
Gale | Gale | 0.90a | 0.90a |
Gale | Gale | 0.15 | 0.15 |
Gale | Gale | 0.90c | 0.90c |
Gale | Gale | 0.17a | 0.17a |
Gale | Gale | 0.91 | 0.91 |
Gale | Gale | 0.15c | 0.15c |
Gale | Gale | 0.18 | 0.18 |
Gale | Gale | 0.91a | 0.91a |
Gale | Gale | 0.16a | 0.16a |
Gale | Gale | 0.19a | 0.19a |
Gale | Gale | 0.16 | 0.16 |