CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-3245

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1760%
EPSS Percentile19.65th
Published2010年3月5日
Last Modified2026年4月29日

Vulnerability Description

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Affected Platforms (CPE)

📦
Openssl

Openssl

<= 0.9.8l
📦
Openssl

Openssl

= 0.9.8
📦
Openssl

Openssl

= 0.9.8a
📦
Openssl

Openssl

= 0.9.8b
📦
Openssl

Openssl

= 0.9.8c
📦
Openssl

Openssl

= 0.9.8d
📦
Openssl

Openssl

= 0.9.8e
📦
Openssl

Openssl

= 0.9.8f
📦
Openssl

Openssl

= 0.9.8g
📦
Openssl

Openssl

= 0.9.8h
📦
Openssl

Openssl

= 0.9.8i
📦
Openssl

Openssl

= 0.9.8j
📦
Openssl

Openssl

= 0.9.8k

References & Advisories

🔗 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
🔗 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
🔗 http://marc.info/?l=bugtraq&m=127128920008563&w=2
🔗 http://marc.info/?l=bugtraq&m=127678688104458&w=2
🔗 http://marc.info/?l=openssl-cvs&m=126692159706582&w=2

相關漏洞威脅

CVE-2006-373810.0

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions h...

CVE-2004-060710.0

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could ...

CVE-2019-102119.8

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code ...

CVE-2018-209979.8

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.