CVE-2009-0789

Severity

50%

Complexity

99%

Confidentiality

48%

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 15 years ago

2009-03-27 16:30:00

Last updated 7 years ago

2017-08-17 01:30:00

Affected Software

OpenSSL Project OpenSSL 0.9.1c

0.9.1c

OpenSSL Project OpenSSL 0.9.2b

0.9.2b

OpenSSL Project OpenSSL 0.9.3

0.9.3

OpenSSL Project OpenSSL 0.9.3a

0.9.3a

OpenSSL Project OpenSSL 0.9.4

0.9.4

OpenSSL Project OpenSSL 0.9.5

0.9.5

OpenSSL Project OpenSSL 0.9.5 Beta1

0.9.5

OpenSSL Project OpenSSL 0.9.5 Beta2

0.9.5

OpenSSL Project OpenSSL 0.9.5a

0.9.5a

OpenSSL Project OpenSSL 0.9.5a Beta1

0.9.5a

OpenSSL Project OpenSSL 0.9.5a Beta2

0.9.5a

OpenSSL Project OpenSSL 0.9.6

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta1

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta2

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta3

0.9.6

OpenSSL Project OpenSSL 0.9.6a

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta1

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta2

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta3

0.9.6a

OpenSSL Project OpenSSL 0.9.6b

0.9.6b

OpenSSL Project OpenSSL 0.9.6c

0.9.6c

OpenSSL Project OpenSSL 0.9.6d

0.9.6d

OpenSSL Project OpenSSL 0.9.6e

0.9.6e

OpenSSL Project OpenSSL 0.9.6f

0.9.6f

OpenSSL Project OpenSSL 0.9.6g

0.9.6g

OpenSSL Project OpenSSL 0.9.6h

0.9.6h

OpenSSL Project OpenSSL 0.9.6i

0.9.6i

OpenSSL Project OpenSSL 0.9.6j

0.9.6j

OpenSSL Project OpenSSL 0.9.6k

0.9.6k

OpenSSL Project OpenSSL 0.9.6l

0.9.6l

OpenSSL Project OpenSSL 0.9.6m

0.9.6m

OpenSSL Project OpenSSL 0.9.7

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta1

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta2

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta3

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta4

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta5

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta6

0.9.7

OpenSSL Project OpenSSL 0.9.7a

0.9.7a

OpenSSL Project OpenSSL 0.9.7b

0.9.7b

OpenSSL Project OpenSSL 0.9.7c

0.9.7c

OpenSSL Project OpenSSL 0.9.7d

0.9.7d

OpenSSL Project OpenSSL 0.9.7e

0.9.7e

OpenSSL Project OpenSSL 0.9.7f

0.9.7f

OpenSSL Project OpenSSL 0.9.7g

0.9.7g

OpenSSL Project OpenSSL 0.9.7h

0.9.7h

OpenSSL Project OpenSSL 0.9.7i

0.9.7i

OpenSSL Project OpenSSL 0.9.7j

0.9.7j

OpenSSL Project OpenSSL 0.9.7k

0.9.7k

OpenSSL Project OpenSSL 0.9.7l

0.9.7l

OpenSSL Project OpenSSL 0.9.7m

0.9.7m

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 0.9.8a

0.9.8a

OpenSSL Project OpenSSL 0.9.8b

0.9.8b

OpenSSL Project OpenSSL 0.9.8c

0.9.8c

OpenSSL Project OpenSSL 0.9.8d

0.9.8d

OpenSSL Project OpenSSL 0.9.8e

0.9.8e

OpenSSL Project OpenSSL 0.9.8f

0.9.8f

OpenSSL Project OpenSSL 0.9.8g

0.9.8g

OpenSSL Project OpenSSL 0.9.8h

0.9.8h

OpenSSL Project OpenSSL 0.9.8i

0.9.8i

OpenSSL Project OpenSSL

References

NetBSD-SA2009-008

APPLE-SA-2009-09-10-2

SUSE-SR:2009:010

openSUSE-SU-2011:0845

SUSE-SU-2011:0847

SSRT090059

HPSBOV02540

34411

Vendor Advisory

34460

Vendor Advisory

34666

35065

35380

Vendor Advisory

35729

Vendor Advisory

36701

Vendor Advisory

42724

Vendor Advisory

42733

Vendor Advisory

1021906

http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

http://support.apple.com/kb/HT3865

http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

http://www.openssl.org/news/secadv_20090325.txt

Vendor Advisory

52866

http://www.php.net/archive/2009.php#id2009-04-08-1

34256

Patch

ADV-2009-0850

Vendor Advisory

ADV-2009-1020

Vendor Advisory

ADV-2009-1175

Vendor Advisory

ADV-2009-1548

Vendor Advisory

openssl-asn1-structure-dos(49433)

https://kb.bluecoat.com/index?page=content&id=SA50

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.