suse · CVE-2009-4028

Quick triage

Priority: medium Published: 2021-05-30 12:49:19 UTC Updated: 2026-04-18 20:16:26 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2009-4028 severity moderate: SUSE including 185 source package names (liblz4-1-1.8.0-3.5.2, libmariadb-devel-3.1.22-2.35.1, …), 350 product×package rows across 49 product lines (SUSE CaaS Platform 4.0, SUSE Linux Enterprise Desktop 12, … (49 product lines)): Fixed 321, Known Not Affected 29.

Description:

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

cvelogic Threat Intelligence