CVE-2009-2409

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-2409

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-2409.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2009-2409

Downstream

DEBIAN-CVE-2009-2409

DSA-1874-1

DSA-1888-1

DSA-1935-1

RHSA-2009:1184

RHSA-2009:1186

RHSA-2009:1190

RHSA-2009:1207

RHSA-2009:1432

RHSA-2009:1560

RHSA-2009:1571

RHSA-2009:1584

RHSA-2009:1662

RHSA-2010:0054

RHSA-2010:0163

RHSA-2010:0166

Related

CGA-w33c-9gxp-p2mm

Withdrawn

2026-01-27T04:09:52.603858Z

Published

2009-07-30T19:30:00Z

Modified

2026-01-27T04:09:52.603858Z

Summary

[none]

Details

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

References

Affected packages