Lucene search

[email protected]CVE-2009-3245

HistoryMar 05, 2010 - 7:30 p.m.

CVE-2009-3245

2010-03-0519:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-3245

openssl

security vulnerability

null return value

bn_wexpand

crypto

attack vectors

nvd

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.3%

JSON

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

CPENameOperatorVersion
openssl:opensslopenssleq0.9.8b
openssl:opensslopensslle0.9.8l
openssl:opensslopenssleq0.9.8c
openssl:opensslopenssleq0.9.8e
openssl:opensslopenssleq0.9.8g
openssl:opensslopenssleq0.9.8k
openssl:opensslopenssleq0.9.8d
openssl:opensslopenssleq0.9.8j
openssl:opensslopenssleq0.9.8a
openssl:opensslopenssleq0.9.8

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	0.9.8b
openssl:openssl	openssl	le	0.9.8l
openssl:openssl	openssl	eq	0.9.8c
openssl:openssl	openssl	eq	0.9.8e
openssl:openssl	openssl	eq	0.9.8g
openssl:openssl	openssl	eq	0.9.8k
openssl:openssl	openssl	eq	0.9.8d
openssl:openssl	openssl	eq	0.9.8j
openssl:openssl	openssl	eq	0.9.8a
openssl:openssl	openssl	eq	0.9.8

Rows per page:

1-10 of 131

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

marc.info/?l=bugtraq&m=127128920008563&w=2

marc.info/?l=bugtraq&m=127678688104458&w=2

marc.info/?l=openssl-cvs&m=126692159706582&w=2

marc.info/?l=openssl-cvs&m=126692170906712&w=2

marc.info/?l=openssl-cvs&m=126692180606861&w=2

packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html

secunia.com/advisories/37291

secunia.com/advisories/38761

secunia.com/advisories/39461

secunia.com/advisories/39932

secunia.com/advisories/42724

secunia.com/advisories/42733

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

support.apple.com/kb/HT4723

www.mandriva.com/security/advisories?name=MDVSA-2010:076

www.redhat.com/support/errata/RHSA-2010-0977.html

www.redhat.com/support/errata/RHSA-2011-0896.html

www.securityfocus.com/bid/38562

www.ubuntu.com/usn/USN-1003-1

www.vupen.com/english/advisories/2010/0839

www.vupen.com/english/advisories/2010/0916

www.vupen.com/english/advisories/2010/0933

www.vupen.com/english/advisories/2010/1216

kb.bluecoat.com/index?page=content&id=SA50

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2009-3245

prion1 oraclelinux3 f52 centos3 openvas45 openssl1 ubuntucve1 veracode1 nessus37 redhat4 debiancve1 suse1 ubuntu1 securityvulns3 fedora4 ibm1 altlinux4 vmware2 gentoo1 lenovo2