Vulnerability Details : CVE-2009-0789

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Vulnerability category: Denial of service

Published 2009-03-27 16:30:02

Updated 2017-08-17 01:30:01

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-0789

Probability of exploitation activity in the next 30 days: 11.67%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0789

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2009-0789

CWE-189

Assigned by: [email protected] (Primary)

Vendor statements for CVE-2009-0789

Red Hat 2009-03-30

Not vulnerable. This issue only affects a small number of operating systems and does not affect the openssl packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.

References for CVE-2009-0789

Products affected by CVE-2009-0789

Openssl » Openssl
Versions up to, including, (<=) 0.9.8j
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.4
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.1c
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.2b
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.3
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5a
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6c
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6d
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta1
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6b
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6e
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6h
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6i
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7a
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6g
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta3
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6f
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7b
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6j
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6k
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7c
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7d
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6l
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6m
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6 Update Beta3
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6a Update Beta1
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6a Update Beta2
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5 Update Beta1
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5 Update Beta2
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5a Update Beta1
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7e
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6 Update Beta2
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6a Update Beta3
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta5
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7f
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.3a
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5a Update Beta2
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6 Update Beta1
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta4
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta6
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7g
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7i
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7j
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7k
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8b
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8c
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8a
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7h
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8i
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8e
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8f
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7l
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7m
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8d
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8g
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.8h
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
Matching versions