Vulnerability in OpenSSL CVE-2009-0789

2009-03-25T00:00:00
ID OPENSSL:CVE-2009-0789
Type openssl
Reporter OpenSSL
Modified 2009-03-25T00:00:00

Description

When a malformed ASN1 structure is received, its contents are freed and zeroed, and an error condition is returned. On a small number of platforms where sizeof(long) < sizeof(void *) (for example WIN64), this can cause an invalid memory access later, resulting in a crash when some invalid structures are read, for example RSA public keys. Reported by Paolo Ganci.
  • Fixed in OpenSSL 0.9.8k (Affected 0.9.8-0.9.8j)