NVD Vulnerability Detail

CVE-2009-0789

Summary	OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
Summary	OpenSSL anterior a v0.9.8k en plataformas WIN64 y otras plataformas no maneja adecuadamente una estructura ASN.1 malformada, permitiendo a atacantes remotos provocar una denegación de servicio (acceso de memoria inválido y caída de la aplicación) al poner esta estructura en la clave pública de un certificado, como la utilizada por una clave pública RSA.
Publication Date	March 28, 2009, 1:30 a.m.
Registration Date	Jan. 29, 2021, 1:15 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::		0.9.8j
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	secalert@redhat.com
2	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	secalert@redhat.com
3	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	secalert@redhat.com
4	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	secalert@redhat.com
5	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	secalert@redhat.com
6	http://marc.info/?l=bugtraq&m=124464882609472&w=2	secalert@redhat.com
7	http://marc.info/?l=bugtraq&m=127678688104458&w=2	secalert@redhat.com
8	http://secunia.com/advisories/34411	secalert@redhat.com
9	http://secunia.com/advisories/34460	secalert@redhat.com
10	http://secunia.com/advisories/34666	secalert@redhat.com
11	http://secunia.com/advisories/35065	secalert@redhat.com
12	http://secunia.com/advisories/35380	secalert@redhat.com
13	http://secunia.com/advisories/35729	secalert@redhat.com
14	http://secunia.com/advisories/36701	secalert@redhat.com
15	http://secunia.com/advisories/42724	secalert@redhat.com
16	http://secunia.com/advisories/42733	secalert@redhat.com
17	http://securitytracker.com/id?1021906	secalert@redhat.com
18	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	secalert@redhat.com
19	http://support.apple.com/kb/HT3865	secalert@redhat.com
20	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	secalert@redhat.com
21	http://www.openssl.org/news/secadv_20090325.txt	secalert@redhat.com
22	http://www.osvdb.org/52866	secalert@redhat.com
23	http://www.php.net/archive/2009.php#id2009-04-08-1	secalert@redhat.com
24	http://www.securityfocus.com/bid/34256	secalert@redhat.com
25	http://www.vupen.com/english/advisories/2009/0850	secalert@redhat.com
26	http://www.vupen.com/english/advisories/2009/1020	secalert@redhat.com
27	http://www.vupen.com/english/advisories/2009/1175	secalert@redhat.com
28	http://www.vupen.com/english/advisories/2009/1548	secalert@redhat.com
29	https://exchange.xforce.ibmcloud.com/vulnerabilities/49433	secalert@redhat.com
30	https://kb.bluecoat.com/index?page=content&id=SA50	secalert@redhat.com
31	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	af854a3a-2127-422b-91ae-364da2661108
32	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
33	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
34	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	af854a3a-2127-422b-91ae-364da2661108
35	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	af854a3a-2127-422b-91ae-364da2661108
36	http://marc.info/?l=bugtraq&m=124464882609472&w=2	af854a3a-2127-422b-91ae-364da2661108
37	http://marc.info/?l=bugtraq&m=127678688104458&w=2	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/34411	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/34460	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/34666	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/35065	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/35380	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/35729	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/36701	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/42724	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/42733	af854a3a-2127-422b-91ae-364da2661108
47	http://securitytracker.com/id?1021906	af854a3a-2127-422b-91ae-364da2661108
48	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	af854a3a-2127-422b-91ae-364da2661108
49	http://support.apple.com/kb/HT3865	af854a3a-2127-422b-91ae-364da2661108
50	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	af854a3a-2127-422b-91ae-364da2661108
51	http://www.openssl.org/news/secadv_20090325.txt	af854a3a-2127-422b-91ae-364da2661108
52	http://www.osvdb.org/52866	af854a3a-2127-422b-91ae-364da2661108
53	http://www.php.net/archive/2009.php#id2009-04-08-1	af854a3a-2127-422b-91ae-364da2661108
54	http://www.securityfocus.com/bid/34256	af854a3a-2127-422b-91ae-364da2661108
55	http://www.vupen.com/english/advisories/2009/0850	af854a3a-2127-422b-91ae-364da2661108
56	http://www.vupen.com/english/advisories/2009/1020	af854a3a-2127-422b-91ae-364da2661108
57	http://www.vupen.com/english/advisories/2009/1175	af854a3a-2127-422b-91ae-364da2661108
58	http://www.vupen.com/english/advisories/2009/1548	af854a3a-2127-422b-91ae-364da2661108
59	https://exchange.xforce.ibmcloud.com/vulnerabilities/49433	af854a3a-2127-422b-91ae-364da2661108
60	https://kb.bluecoat.com/index?page=content&id=SA50	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::		0.9.8j
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*