10

CVE-2009-3245

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8l
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
OpenSSLOpenSSL Version0.9.8k
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.73% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/38761
Vendor Advisory
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
https://kb.bluecoat.com/index?page=content&id=SA50
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://marc.info/?l=bugtraq&m=127678688104458&w=2
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://secunia.com/advisories/37291
http://secunia.com/advisories/39461
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://www.vupen.com/english/advisories/2010/0916
http://www.vupen.com/english/advisories/2010/0933
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://www.vupen.com/english/advisories/2010/0839
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
Patch
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
Patch
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
Patch
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
http://secunia.com/advisories/39932
http://support.apple.com/kb/HT4723
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.securityfocus.com/bid/38562
http://www.ubuntu.com/usn/USN-1003-1
http://www.vupen.com/english/advisories/2010/1216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790