Vulnerability Description
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | <= 0.9.8j |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
- http://marc.info/?l=bugtraq&m=124464882609472&w=2
- http://marc.info/?l=bugtraq&m=127678688104458&w=2
- http://secunia.com/advisories/34411Vendor Advisory
- http://secunia.com/advisories/34460Vendor Advisory
- http://secunia.com/advisories/34666
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/35380Vendor Advisory
- http://secunia.com/advisories/35729Vendor Advisory
- http://secunia.com/advisories/36701Vendor Advisory
- http://secunia.com/advisories/42724Vendor Advisory
FAQ
What is CVE-2009-0789?
CVE-2009-0789 is a vulnerability with a CVSS score of 5.0 (MEDIUM). OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and a...
How severe is CVE-2009-0789?
CVE-2009-0789 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0789?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.