{"id":"CVE-2009-2702","details":"KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","modified":"2024-06-04T04:00:19Z","published":"2009-09-08T18:30:00Z","withdrawn":"2024-06-30T15:58:22.993465Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/36468"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:162"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/2532"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=520661"}],"affected":[{"package":{"name":"kde4libs","ecosystem":"Debian:10","purl":"pkg:deb/debian/kde4libs?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.3.2-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-2702.json"}}],"schema_version":"1.7.3"}