Public Date:
570924: CVE-2009-3245 openssl: missing bn_wexpand return value checks

The MITRE CVE dictionary describes this issue as:

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Find out more about CVE-2009-3245 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

| Metric | Value |
| --- | --- |
| Base Score | 7.6 |
| Base Metrics | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 4 (openssl) | RHSA-2010:0977 | 2010-12-13 |
| Red Hat Enterprise Linux 3 (openssl096b) | RHSA-2010:0173 | 2010-03-25 |
| Red Hat JBoss Web Server 1.0 | RHSA-2011:0896 | 2011-06-22 |
| Red Hat Enterprise Linux 4 (openssl096b) | RHSA-2010:0173 | 2010-03-25 |
| Red Hat Enterprise Virtualization Hypervisor 5 (rhev-hypervisor) | RHSA-2010:0440 | 2010-05-25 |
| Red Hat Enterprise Linux 5 (openssl) | RHSA-2010:0162 | 2010-03-25 |

Last Modified

CVE description copyright © 2017, The MITRE Corporation