CVE - CVE-2009-3245

CVE-ID
CVE-2009-3245	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b... URL:http://marc.info/?l=openssl-cvs&m=126692180606861&w=2 MLIST:[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf... URL:http://marc.info/?l=openssl-cvs&m=126692159706582&w=2 MLIST:[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec... URL:http://marc.info/?l=openssl-cvs&m=126692170906712&w=2 MLIST:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html MLIST:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA50 CONFIRM:http://support.apple.com/kb/HT4723 APPLE:APPLE-SA-2011-06-23-1 URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html FEDORA:FEDORA-2010-5744 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html FEDORA:FEDORA-2010-5357 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html HP:HPSBOV02540 URL:http://marc.info/?l=bugtraq&m=127678688104458&w=2 HP:HPSBUX02517 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 HP:SSRT100058 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 MANDRIVA:MDVSA-2010:076 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 REDHAT:RHSA-2010:0977 URL:http://www.redhat.com/support/errata/RHSA-2010-0977.html REDHAT:RHSA-2011:0896 URL:http://www.redhat.com/support/errata/RHSA-2011-0896.html SLACKWARE:SSA:2010-060-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SUSE:SUSE-SR:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html UBUNTU:USN-1003-1 URL:http://www.ubuntu.com/usn/USN-1003-1 BID:38562 URL:http://www.securityfocus.com/bid/38562 OVAL:oval:org.mitre.oval:def:9790 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790 OVAL:oval:org.mitre.oval:def:11738 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738 OVAL:oval:org.mitre.oval:def:6640 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640 SECUNIA:38761 URL:http://secunia.com/advisories/38761 SECUNIA:39461 URL:http://secunia.com/advisories/39461 SECUNIA:39932 URL:http://secunia.com/advisories/39932 SECUNIA:42724 URL:http://secunia.com/advisories/42724 SECUNIA:42733 URL:http://secunia.com/advisories/42733 SECUNIA:37291 URL:http://secunia.com/advisories/37291 VUPEN:ADV-2010-0839 URL:http://www.vupen.com/english/advisories/2010/0839 VUPEN:ADV-2010-0933 URL:http://www.vupen.com/english/advisories/2010/0933 VUPEN:ADV-2010-0916 URL:http://www.vupen.com/english/advisories/2010/0916 VUPEN:ADV-2010-1216 URL:http://www.vupen.com/english/advisories/2010/1216
Assigning CNA
N/A
Date Entry Created
20090918	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090918)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us