CVE - CVE-2009-0789

CVE-ID
CVE-2009-0789	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021906 URL:http://securitytracker.com/id?1021906 MISC:34256 URL:http://www.securityfocus.com/bid/34256 MISC:34411 URL:http://secunia.com/advisories/34411 MISC:34460 URL:http://secunia.com/advisories/34460 MISC:34666 URL:http://secunia.com/advisories/34666 MISC:35065 URL:http://secunia.com/advisories/35065 MISC:35380 URL:http://secunia.com/advisories/35380 MISC:35729 URL:http://secunia.com/advisories/35729 MISC:36701 URL:http://secunia.com/advisories/36701 MISC:42724 URL:http://secunia.com/advisories/42724 MISC:42733 URL:http://secunia.com/advisories/42733 MISC:52866 URL:~~http://www.osvdb.org/52866~~ (Obsolete source) MISC:ADV-2009-0850 URL:~~http://www.vupen.com/english/advisories/2009/0850~~ (Obsolete source) MISC:ADV-2009-1020 URL:~~http://www.vupen.com/english/advisories/2009/1020~~ (Obsolete source) MISC:ADV-2009-1175 URL:~~http://www.vupen.com/english/advisories/2009/1175~~ (Obsolete source) MISC:ADV-2009-1548 URL:~~http://www.vupen.com/english/advisories/2009/1548~~ (Obsolete source) MISC:APPLE-SA-2009-09-10-2 URL:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html MISC:HPSBOV02540 URL:http://marc.info/?l=bugtraq&m=127678688104458&w=2 MISC:HPSBUX02435 URL:http://marc.info/?l=bugtraq&m=124464882609472&w=2 MISC:NetBSD-SA2009-008 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc MISC:SSRT090059 URL:http://marc.info/?l=bugtraq&m=124464882609472&w=2 MISC:SUSE-SR:2009:010 URL:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html MISC:SUSE-SU-2011:0847 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html MISC:http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 URL:http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 MISC:http://support.apple.com/kb/HT3865 URL:http://support.apple.com/kb/HT3865 MISC:http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html URL:http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html MISC:http://www.openssl.org/news/secadv_20090325.txt URL:http://www.openssl.org/news/secadv_20090325.txt MISC:http://www.php.net/archive/2009.php#id2009-04-08-1 URL:http://www.php.net/archive/2009.php#id2009-04-08-1 MISC:https://kb.bluecoat.com/index?page=content&id=SA50 URL:https://kb.bluecoat.com/index?page=content&id=SA50 MISC:openSUSE-SU-2011:0845 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html MISC:openssl-asn1-structure-dos(49433) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49433
Assigning CNA
Red Hat, Inc.
Date Record Created
20090304	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090304)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.