CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0544

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile35.60th
PublishedFeb 12, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.

Affected Platforms (CPE)

πŸ“¦
Pycrypto

Arc2

= 2.0.1

References & Advisories

πŸ”— http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git%3Ba=commitdiff%3Bh=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
πŸ”— http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git%3Ba=commitdiff%3Bh=fd73731dfad451a81056fbb01e09aa78ab82eb5d
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
πŸ”— http://secunia.com/advisories/34199
πŸ”— http://secunia.com/advisories/35065
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml
πŸ”— http://www.mandriva.com/security/advisories?name=MDVSA-2009:049
πŸ”— http://www.mandriva.com/security/advisories?name=MDVSA-2009:050

Related Vulnerabilities

CVE-2012-58729.8

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via commen...

CVE-2012-58735.3

ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.

CVE-2009-142910.0

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); S...

CVE-2009-129110.0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterp...