CVE-2009-3245

Published: 05/03/2010 Updated: 19/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

OpenSSL prior to 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Vulnerable Product

openssl openssl 0.9.8j

openssl openssl 0.9.8i

openssl openssl 0.9.8a

openssl openssl 0.9.8

openssl openssl 0.9.8e

openssl openssl 0.9.8d

openssl openssl

openssl openssl 0.9.8k

openssl openssl 0.9.8c

openssl openssl 0.9.8b

openssl openssl 0.9.8h

openssl openssl 0.9.8g

openssl openssl 0.9.8f

Vendor Advisories

Debian Bug report logs - #575433: openssl: OpenSSL does not check for a NULL return value from bn_wexpand function calls. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: "A Maitland Bottoms" <bo ...
It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2009-3245) ...
Synopsis: Important: openssl096b security update. Type/Severity: Security Advisory: Important. Topic: Updated openssl096b packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having important security impact. A Commo ...
Synopsis: Important: openssl security update. Type/Severity: Security Advisory: Important. Topic: Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabi ...

Mailing Lists

Full Disclosure mailing list archives: XL-19-006 - ABB HMI Outdated Software Components. From: xen1thLa ...

References

CWE-20

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

http://marc.info/?l=openssl-cvs&m=126692170906712&w=2

http://marc.info/?l=openssl-cvs&m=126692180606861&w=2

http://secunia.com/advisories/38761

http://marc.info/?l=openssl-cvs&m=126692159706582&w=2

http://www.securityfocus.com/bid/38562

http://www.vupen.com/english/advisories/2010/0839

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

http://www.vupen.com/english/advisories/2010/0933

http://www.vupen.com/english/advisories/2010/0916

http://secunia.com/advisories/39461

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

http://secunia.com/advisories/39932

http://www.vupen.com/english/advisories/2010/1216

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://www.ubuntu.com/usn/USN-1003-1

http://www.redhat.com/support/errata/RHSA-2010-0977.html

http://secunia.com/advisories/42724

http://secunia.com/advisories/42733

https://kb.bluecoat.com/index?page=content&id=SA50

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

http://support.apple.com/kb/HT4723

http://www.redhat.com/support/errata/RHSA-2011-0896.html

http://secunia.com/advisories/37291

http://marc.info/?l=bugtraq&m=127128920008563&w=2

http://marc.info/?l=bugtraq&m=127678688104458&w=2

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738

http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575433

https://usn.ubuntu.com/1003-1/

https://nvd.nist.gov