Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-3245
HistoryMar 05, 2010 - 12:00 a.m.

CVE-2009-3245

2010-03-0500:00:00
ubuntu.com
ubuntu.com
29
openssl
vulnerability
bn_wexpand
crypto
attack vectors

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%

OpenSSL before 0.9.8m does not check for a NULL return value from
bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2)
crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c,
which has unspecified impact and context-dependent attack vectors.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchopenssl<ย 0.9.8a-7ubuntu0.13UNKNOWN
ubuntu8.04noarchopenssl<ย 0.9.8g-4ubuntu3.11UNKNOWN
ubuntu9.04noarchopenssl<ย 0.9.8g-15ubuntu3.6UNKNOWN
ubuntu9.10noarchopenssl<ย 0.9.8g-16ubuntu3.3UNKNOWN
ubuntu10.04noarchopenssl<ย 0.9.8k-7ubuntu8UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%