{
  "threat_severity" : "Moderate",
  "public_date" : "2009-04-30T00:00:00Z",
  "bugzilla" : {
    "description" : "gnutls: Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1]",
    "id" : "498423",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=498423"
  },
  "details" : [ "lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free." ],
  "statement" : "Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-1415\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1415" ],
  "name" : "CVE-2009-1415",
  "csaw" : false
}