VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-r3ny-7kn7-ukaa

Vulnerability ID	VCID-r3ny-7kn7-ukaa
Aliases	CVE-2009-2417
Summary	An error in the X.509 certificate handling of cURL might enable remote attackers to conduct man-in-the-middle attacks.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-170

System	Score	Found at
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
epss	0.0733	https://api.first.org/data/v1/epss?cve=CVE-2009-2417
cvssv3.1	High	https://curl.se/docs/CVE-2009-2417.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2417.json
		https://api.first.org/data/v1/epss?cve=CVE-2009-2417
		https://curl.se/docs/CVE-2009-2417.html
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
516181		https://bugzilla.redhat.com/show_bug.cgi?id=516181
541991		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541991
GLSA-200909-20		https://security.gentoo.org/glsa/200909-20
RHSA-2009:1209		https://access.redhat.com/errata/RHSA-2009:1209
USN-1158-1		https://usn.ubuntu.com/1158-1/
USN-818-1		https://usn.ubuntu.com/818-1/

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:01:06.002669+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/200909-20	38.0.0