Lucene search

[email protected]NVD:CVE-2009-0789

HistoryMar 27, 2009 - 4:30 p.m.

CVE-2009-0789

2009-03-2716:30:02

CWE-189

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.2 High

AI Score

Confidence

High

0.117 Low

EPSS

Percentile

95.3%

JSON

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8j

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

marc.info/?l=bugtraq&m=124464882609472&w=2

marc.info/?l=bugtraq&m=127678688104458&w=2

secunia.com/advisories/34411

secunia.com/advisories/34460

secunia.com/advisories/34666

secunia.com/advisories/35065

secunia.com/advisories/35380

secunia.com/advisories/35729

secunia.com/advisories/36701

secunia.com/advisories/42724

secunia.com/advisories/42733

securitytracker.com/id?1021906

sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

support.apple.com/kb/HT3865

voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

www.openssl.org/news/secadv_20090325.txt

www.osvdb.org/52866

www.php.net/archive/2009.php#id2009-04-08-1

www.securityfocus.com/bid/34256

www.vupen.com/english/advisories/2009/0850

www.vupen.com/english/advisories/2009/1020

www.vupen.com/english/advisories/2009/1175

www.vupen.com/english/advisories/2009/1548

exchange.xforce.ibmcloud.com/vulnerabilities/49433

kb.bluecoat.com/index?page=content&id=SA50

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.2 High

AI Score

Confidence

High

0.117 Low

EPSS

Percentile

95.3%

JSON

Related for NVD:CVE-2009-0789

prion1 cvelist1 debiancve1 f52 redhatcve1 cve1 openssl1 ubuntucve1 nessus20 openvas19 threatpost1 altlinux4 slackware1 suse2 lenovo2