
Vulnerability in OpenSSL CVE-2009-3245

Published: 2010-02-23 00:00:00
Source: www.openssl-library.org
Tags: openssl, vulnerability, cve-2009-3245, memory allocation, application, crash, arbitrary code, martin olsson, neel mehta

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 6.6 (Confidence: High)
EPSS: 0.012 (Percentile: 85.5%)

It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code.

Found by Martin Olsson, Neel Mehta.

Affected configurations

Node: openssl openssl, range 0.9.8–0.9.8m

Vendor: openssl
Product: openssl
Version: *
CPE: cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
