CVE-2009-1415

GnuTLS < 2.6.6 - Denial of Service via Invalid DSA Signature Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1415. PoCs published by Miroslav Kratochvil.

AI-analyzed exploit summary This exploit demonstrates a double-free vulnerability in GnuTLS versions prior to 2.6.6 by importing a crafted DSA certificate and verifying data, which can lead to a crash or potential code execution.

Description

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Miroslav Kratochvil · cdoslinux

https://www.exploit-db.com/exploits/32964

View Code ZIP pw:eip

This exploit demonstrates a double-free vulnerability in GnuTLS versions prior to 2.6.6 by importing a crafted DSA certificate and verifying data, which can lead to a crash or potential code execution.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GnuTLS < 2.6.6

No auth needed

Prerequisites: GnuTLS library < 2.6.6

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50445

Broken Link mailing-list x_refsource_mlist

http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502

Broken Link, Patch mailing-list x_refsource_mlist

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50257

Broken Link, Exploit x_refsource_confirm

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488

Not Applicable vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50260

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1218

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34783

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200905-04.xml

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022157

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34842

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35211

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:116

Scores

EPSS 0.0792

EPSS Percentile 94.0%

Details

CWE

CWE-824

Status published

Products (1)

gnu/gnutls < 2.6.6

Published Apr 30, 2009

Tracked Since Feb 18, 2026