CVE-2009-0789

OpenSSL < 0.9.8k - Denial of Service via Malformed ASN.1 Structure in Certificate Public Key

Title source: llm

Description

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

References (30)

Core 30

Core References

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=124464882609472&w=2

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0850

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1175

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42724

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/52866

Product x_refsource_confirm

http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34666

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1020

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35729

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35380

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=127678688104458&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/49433

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35065

Vendor Advisory x_refsource_confirm

http://www.php.net/archive/2009.php#id2009-04-08-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34411

Vendor Advisory vendor-advisory x_refsource_netbsd

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1021906

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Product x_refsource_confirm

http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3865

Vendor Advisory x_refsource_confirm

http://www.openssl.org/news/secadv_20090325.txt

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1548

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36701

Various Sources x_refsource_confirm

https://kb.bluecoat.com/index?page=content&id=SA50

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34460

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34256

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42733

Scores

EPSS 0.0273

EPSS Percentile 86.1%

Details

CWE

CWE-189

Status published

Products (34)

openssl/openssl 0.9.1c

openssl/openssl 0.9.2b

openssl/openssl 0.9.3

openssl/openssl 0.9.3a

openssl/openssl 0.9.4

openssl/openssl 0.9.5 (3 CPE variants)

openssl/openssl 0.9.5a (3 CPE variants)

openssl/openssl 0.9.6 (4 CPE variants)

openssl/openssl 0.9.6a (4 CPE variants)

openssl/openssl 0.9.6b

... and 24 more

Published Mar 27, 2009

Tracked Since Feb 18, 2026