Unrated severityNVD Advisory· Published Mar 5, 2010· Updated Apr 29, 2026
CVE-2009-3245
CVE-2009-3245
Description
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Affected products
13cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*range: <=0.9.8l
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
34- marc.infonvdPatch
- marc.infonvdPatch
- marc.infonvdPatch
- secunia.com/advisories/38761nvdVendor Advisory
- aix.software.ibm.com/aix/efixes/security/openssl_advisory.ascnvd
- lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlnvd
- marc.infonvd
- marc.infonvd
- packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.htmlnvd
- secunia.com/advisories/37291nvd
- secunia.com/advisories/39461nvd
- secunia.com/advisories/39932nvd
- secunia.com/advisories/42724nvd
- secunia.com/advisories/42733nvd
- slackware.com/security/viewer.phpnvd
- support.apple.com/kb/HT4723nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2010-0977.htmlnvd
- www.redhat.com/support/errata/RHSA-2011-0896.htmlnvd
- www.securityfocus.com/bid/38562nvd
- www.ubuntu.com/usn/USN-1003-1nvd
- www.vupen.com/english/advisories/2010/0839nvd
- www.vupen.com/english/advisories/2010/0916nvd
- www.vupen.com/english/advisories/2010/0933nvd
- www.vupen.com/english/advisories/2010/1216nvd
- kb.bluecoat.com/indexnvd
- lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlnvd
- lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790nvd
News mentions
0No linked articles in our index yet.