CVE-2009-0789

2009-03-27 17:30:02 2017-08-17 03:30:01

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

OpenSSL Project OpenSSL 0.9.6 Beta2 OpenSSL Project OpenSSL 0.9.7 beta3 OpenSSL Project OpenSSL 0.9.7 beta2 OpenSSL Project OpenSSL 0.9.3 OpenSSL Project OpenSSL 0.9.5a OpenSSL Project OpenSSL 0.9.5 Beta1 OpenSSL Project OpenSSL 0.9.8g OpenSSL Project OpenSSL 0.9.6 Beta1 OpenSSL Project OpenSSL 0.9.7 Beta6 OpenSSL Project OpenSSL 0.9.8f OpenSSL Project OpenSSL 0.9.7 beta1 OpenSSL Project OpenSSL 0.9.8i OpenSSL Project OpenSSL 0.9.5 Beta2 OpenSSL Project OpenSSL 0.9.6 Beta3 OpenSSL Project OpenSSL 0.9.8h OpenSSL Project OpenSSL 0.9.8j OpenSSL Project OpenSSL 0.9.7 Beta5 OpenSSL Project OpenSSL 0.9.7 Beta4 OpenSSL Project OpenSSL 0.9.8e OpenSSL Project OpenSSL 0.9.8a OpenSSL Project OpenSSL 0.9.8c OpenSSL Project OpenSSL 0.9.8b OpenSSL Project OpenSSL 0.9.8d OpenSSL Project OpenSSL 0.9.5a Beta2 OpenSSL Project OpenSSL 0.9.7f OpenSSL Project OpenSSL 0.9.3a OpenSSL Project OpenSSL 0.9.7e OpenSSL Project OpenSSL 0.9.7h OpenSSL Project OpenSSL 0.9.7g OpenSSL Project OpenSSL 0.9.7j OpenSSL Project OpenSSL 0.9.5a Beta1 OpenSSL Project OpenSSL 0.9.7i OpenSSL Project OpenSSL 0.9.7k OpenSSL Project OpenSSL 0.9.7m OpenSSL Project OpenSSL 0.9.7d OpenSSL Project OpenSSL 0.9.7l OpenSSL Project OpenSSL 0.9.7b OpenSSL Project OpenSSL 0.9.7a OpenSSL Project OpenSSL 0.9.7c OpenSSL Project OpenSSL 0.9.6e OpenSSL Project OpenSSL 0.9.6d OpenSSL Project OpenSSL 0.9.6g OpenSSL Project OpenSSL 0.9.2b OpenSSL Project OpenSSL 0.9.6f OpenSSL Project OpenSSL 0.9.6a Beta1 OpenSSL Project OpenSSL 0.9.6i OpenSSL Project OpenSSL 0.9.6h OpenSSL Project OpenSSL 0.9.6a Beta3 OpenSSL Project OpenSSL 0.9.6a Beta2 OpenSSL Project OpenSSL 0.9.6j OpenSSL Project OpenSSL 0.9.6m OpenSSL Project OpenSSL 0.9.6l OpenSSL Project OpenSSL 0.9.6c OpenSSL Project OpenSSL 0.9.8 OpenSSL Project OpenSSL 0.9.7 OpenSSL Project OpenSSL 0.9.6 OpenSSL Project OpenSSL 0.9.5 OpenSSL Project OpenSSL 0.9.4 OpenSSL Project OpenSSL 0.9.1c OpenSSL Project OpenSSL 0.9.6b OpenSSL Project OpenSSL 0.9.6a OpenSSL Project OpenSSL 0.9.6k

Openssl - Openssl

Advisory	Patch	Confirmed	Link
			openssl-asn1-structure-dos(49433)
			ADV-2009-1548
			ADV-2009-1175
			ADV-2009-1020
			ADV-2009-0850
			34256
			http://www.php.net/archive/2009.php#id2009-04-08-1
			http://www.openssl.org/news/secadv_20090325.txt
			http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.h...
			http://support.apple.com/kb/HT3865
			http://sourceforge.net/project/shownotes.php?release_id=...
			1021906
			HPSBOV02540
			HPSBUX02435
			SUSE-SU-2011:0847
			openSUSE-SU-2011:0845
			SUSE-SR:2009:010
			APPLE-SA-2009-09-10-2
			NetBSD-SA2009-008
			https://kb.bluecoat.com/index?page=content&id=SA50

Numeric Errors (ID 189)