fkie_cve-2009-3245
Vulnerability from fkie_nvd
Published
2010-03-05 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
openssl | openssl | 0.9.8 | |
openssl | openssl | 0.9.8a | |
openssl | openssl | 0.9.8b | |
openssl | openssl | 0.9.8c | |
openssl | openssl | 0.9.8d | |
openssl | openssl | 0.9.8e | |
openssl | openssl | 0.9.8f | |
openssl | openssl | 0.9.8g | |
openssl | openssl | 0.9.8h | |
openssl | openssl | 0.9.8i | |
openssl | openssl | 0.9.8j | |
openssl | openssl | 0.9.8k | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "81FB3B26-CC83-4FA5-BDE1-05F35AB99741", versionEndIncluding: "0.9.8l", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "8A4E446D-B9D3-45F2-9722-B41FA14A6C31", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", matchCriteriaId: "AF4EA988-FC80-4170-8933-7C6663731981", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", matchCriteriaId: "64F8F53B-24A1-4877-B16E-F1917C4E4E81", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", matchCriteriaId: "75D3ACD5-905F-42BB-BE1A-8382E9D823BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", matchCriteriaId: "766EA6F2-7FA4-4713-9859-9971CCD2FDCB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", matchCriteriaId: "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", matchCriteriaId: "2BB38AEA-BAF0-4920-9A71-747C24444770", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", matchCriteriaId: "1F33EA2B-DE15-4695-A383-7A337AC38908", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", matchCriteriaId: "261EE631-AB43-44FE-B02A-DFAAB8D35927", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", matchCriteriaId: "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", matchCriteriaId: "1A1365ED-4651-4AB2-A64B-43782EA2F0E8", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", matchCriteriaId: "EC82690C-DCED-47BA-AA93-4D0C9E95B806", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSL 
before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.", }, { lang: "es", value: "OpenSSL en versiones anterioes a v0.9.8m cuando recibe un valor de retorno NULL de la funcion bn_wexpand hace una llamada a (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, y (4) engines/e_ubsec.c, lo que tiene un impacto inespecifico y vectores de ataque dependientes del contexto.", }, ], id: "CVE-2009-3245", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-03-05T19:30:00.343", references: [ { source: "cve@mitre.org", url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2", }, { 
source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=127678688104458&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://marc.info/?l=openssl-cvs&m=126692159706582&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://marc.info/?l=openssl-cvs&m=126692170906712&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://marc.info/?l=openssl-cvs&m=126692180606861&w=2", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/37291", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38761", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/39461", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/39932", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42724", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/42733", }, { source: "cve@mitre.org", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT4723", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2010-0977.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2011-0896.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/38562", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-1003-1", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/0839", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/0916", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/0933", }, { source: "cve@mitre.org", url: 
"http://www.vupen.com/english/advisories/2010/1216", }, { source: "cve@mitre.org", url: "https://kb.bluecoat.com/index?page=content&id=SA50", }, { source: "cve@mitre.org", url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html", }, { source: "cve@mitre.org", url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=127128920008563&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=127678688104458&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://marc.info/?l=openssl-cvs&m=126692159706582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"http://marc.info/?l=openssl-cvs&m=126692170906712&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://marc.info/?l=openssl-cvs&m=126692180606861&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/37291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/39461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/39932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/42733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT4723", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2010-0977.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0896.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/38562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1003-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/0839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/0916", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/0933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/1216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kb.bluecoat.com/index?page=content&id=SA50", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3245\n\nThis issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0162.html\n\nThis issue was fixed in openssl096b packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0173.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4, a future update may address this flaw.", lastModified: "2010-03-25T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.