Vulnerability details: VCID-fk3c-j9c9-aaar
Vulnerability ID VCID-fk3c-j9c9-aaar
Aliases CVE-2009-3245, VC-OPENSSL-20100223-CVE-2009-3245
Summary It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=127128920008563&w=2
rhas Important https://access.redhat.com/errata/RHSA-2010:0162
rhas Important https://access.redhat.com/errata/RHSA-2010:0173
rhas Important https://access.redhat.com/errata/RHSA-2010:0440
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0977
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0896
epss 0.01069 https://api.first.org/data/v1/epss?cve=CVE-2009-3245
epss 0.01237 https://api.first.org/data/v1/epss?cve=CVE-2009-3245
epss 0.06829 https://api.first.org/data/v1/epss?cve=CVE-2009-3245
epss 0.19554 https://api.first.org/data/v1/epss?cve=CVE-2009-3245
epss 0.2805 https://api.first.org/data/v1/epss?cve=CVE-2009-3245
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=570924
generic_textual MODERATE https://kb.bluecoat.com/index?page=content&id=SA50
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2009-3245
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
Reference id Reference type URL
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://marc.info/?l=bugtraq&m=127678688104458&w=2
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2
http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3245.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://secunia.com/advisories/37291
http://secunia.com/advisories/38761
http://secunia.com/advisories/39461
http://secunia.com/advisories/39932
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
https://github.com/openssl/openssl/commit/7e4cae1d2f555cbe9226b377aff4b56c9f7ddd4d
https://kb.bluecoat.com/index?page=content&id=SA50
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790
http://support.apple.com/kb/HT4723
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://www.redhat.com/support/errata/RHSA-2010-0977.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.securityfocus.com/bid/38562
http://www.ubuntu.com/usn/USN-1003-1
http://www.vupen.com/english/advisories/2010/0839
http://www.vupen.com/english/advisories/2010/0916
http://www.vupen.com/english/advisories/2010/0933
http://www.vupen.com/english/advisories/2010/1216
570924 https://bugzilla.redhat.com/show_bug.cgi?id=570924
575433 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575433
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
CVE-2009-3245 https://nvd.nist.gov/vuln/detail/CVE-2009-3245
GLSA-201110-01 https://security.gentoo.org/glsa/201110-01
RHSA-2010:0162 https://access.redhat.com/errata/RHSA-2010:0162
RHSA-2010:0173 https://access.redhat.com/errata/RHSA-2010:0173
RHSA-2010:0440 https://access.redhat.com/errata/RHSA-2010:0440
RHSA-2010:0977 https://access.redhat.com/errata/RHSA-2010:0977
RHSA-2011:0896 https://access.redhat.com/errata/RHSA-2011:0896
USN-1003-1 https://usn.ubuntu.com/1003-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-3245
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83976
EPSS Score 0.01069
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.