CVE-2009-0789 — Openssl vulnerability

CWE-1894 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

2.7%

top 14.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedMar 27

Latest updateMay 3

Description

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDopenssl/openssl0.9.8j+45

▶debiandebian/openssl

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cmw6-vcmf-xpcx: OpenSSL before 0↗2022-05-03

▶

📋Vendor Advisories

Debian

CVE-2009-0789: openssl - OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly han...↗2009

▶

Red Hat

CVE-2009-0789: OpenSSL before 0↗

▶