CVE-2020-9433

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-9433

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9433.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-9433

Published

2020-02-27T23:15:13Z

Modified

2025-09-19T12:22:33.793705Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

opensslx509checkemail in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses luapushboolean for certain non-boolean return values.

References

https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca

Affected packages

Git / github.com/zhaozg/lua-openssl

Affected ranges

Type: GIT
Repo: https://github.com/zhaozg/lua-openssl
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.2.0

0.4.1

0.5.0

0.5.1

0.6.0

0.7.0

0.7.1

0.7.3

0.7.4

0.7.5-1

0.7.5-2

0.7.6

0.7.6-0

0.7.7-0

0.7.7-1

Other

C_HAPPY

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2020-9433-4cd06e71",
            "digest": {
                "line_hashes": [
                    "22836928595141529191685066850239619692",
                    "106986599387145525724451224660792847728",
                    "74519493262181466487554845384721794197",
                    "280888697867625331802704877235200227850",
                    "154054483220335846088511579446771486198",
                    "267533254134363377221949607979454604173",
                    "204981990212129680332363758085545307157",
                    "98992530393241901116686313086310177480",
                    "199227878408358081214466100192279965724",
                    "263702157484803571036870144748488251008",
                    "114318720954917247870547837822146629124",
                    "158357684900794345507666529047056020078",
                    "286866290659580155390661045384064128722",
                    "62721994530567100456368683266321619178",
                    "338618646758722476582036498879945359214",
                    "21619890300510651674773521607288503115",
                    "8212954358513412705418709013267405046",
                    "280942455060433503104360855483769610810",
                    "154054483220335846088511579446771486198",
                    "140483780634121643654969306893870401393",
                    "250075708853721252695872960273065033465",
                    "42884903506212574266368785134170189183",
                    "163396166393160608506044128422848113751",
                    "191927627488366321391462267361978969928",
                    "114318720954917247870547837822146629124",
                    "158357684900794345507666529047056020078",
                    "286866290659580155390661045384064128722",
                    "62721994530567100456368683266321619178",
                    "19681102626805246663346430582904307565",
                    "204769768318649298398039653033569721668",
                    "170577991034165706602269700991028725584",
                    "173127064005335983533428555194088315219",
                    "154054483220335846088511579446771486198",
                    "131858774167645964644283333562486905539",
                    "123651588734344222801094137325714376389",
                    "217740108185072063595681728183804721025",
                    "66871048032382998330533506938251219862",
                    "16007539079517029650398958902187359152",
                    "114318720954917247870547837822146629124",
                    "158357684900794345507666529047056020078",
                    "286866290659580155390661045384064128722",
                    "62721994530567100456368683266321619178",
                    "239742531813508266450201264989882792971",
                    "333821922633842582382169847452655361403",
                    "205597527275293017208162709560329350674",
                    "125826910505508727062612260713313689546",
                    "92283327004125836655248403816180716048",
                    "88926759931379200059650330603768468238",
                    "305696137179422424732345674295111661694",
                    "273356457451933493806803886546582776432",
                    "806049896540884234618375034756838632",
                    "232002524926097764894727784569915899436",
                    "77000589996979842036546471927252202210"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/x509.c"
            },
            "signature_type": "Line",
            "source": "https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca"
        },
        {
            "id": "CVE-2020-9433-69676495",
            "digest": {
                "length": 236.0,
                "function_hash": "210547734265287479549050857811642547746"
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/x509.c",
                "function": "LUA_FUNCTION"
            },
            "signature_type": "Function",
            "source": "https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca"
        },
        {
            "id": "CVE-2020-9433-7fad6c9f",
            "digest": {
                "length": 650.0,
                "function_hash": "259637873822822212959615126157613673457"
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/x509.c",
                "function": "luaopen_x509"
            },
            "signature_type": "Function",
            "source": "https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca"
        },
        {
            "id": "CVE-2020-9433-93b7a8a3",
            "digest": {
                "length": 255.0,
                "function_hash": "252935993758650179501788748738468892715"
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/x509.c",
                "function": "LUA_FUNCTION"
            },
            "signature_type": "Function",
            "source": "https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca"
        },
        {
            "id": "CVE-2020-9433-b3ef22ba",
            "digest": {
                "length": 262.0,
                "function_hash": "44989120962245007864346131133540376789"
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "src/x509.c",
                "function": "LUA_FUNCTION"
            },
            "signature_type": "Function",
            "source": "https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca"
        }
    ]
}