CVE-2009-3245

EPSS 19.55%
Veröffentlicht 05.03.2010 19:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 37

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version <= 0.9.8l

OpenSSL ≫ OpenSSL Version0.9.8

OpenSSL ≫ OpenSSL Version0.9.8a

OpenSSL ≫ OpenSSL Version0.9.8b

OpenSSL ≫ OpenSSL Version0.9.8c

OpenSSL ≫ OpenSSL Version0.9.8d

OpenSSL ≫ OpenSSL Version0.9.8e

OpenSSL ≫ OpenSSL Version0.9.8f

OpenSSL ≫ OpenSSL Version0.9.8g

OpenSSL ≫ OpenSSL Version0.9.8h

OpenSSL ≫ OpenSSL Version0.9.8i

OpenSSL ≫ OpenSSL Version0.9.8j

OpenSSL ≫ OpenSSL Version0.9.8k

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	19.55%	0.952

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/38761

Vendor Advisory

http://secunia.com/advisories/42724

http://secunia.com/advisories/42733

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

https://kb.bluecoat.com/index?page=content&id=SA50

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://marc.info/?l=bugtraq&m=127678688104458&w=2

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

http://www.redhat.com/support/errata/RHSA-2011-0896.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html