OpenSSL 'bn_wexpand()' Multiple Vulnerabilities (Win) Network Vulnerability

Summary

This host is installed with OpenSSL and is prone to multiple vulnerabilities.

Impact

Has unspecified impact and context-dependent attack vectors. Impact Level: Application

Solution

Upgrade to version 0.9.8m or later. For updates refer tohttp://www.slproweb.com/products/Win32OpenSSL.html

Insight

Multiple flaws are due to error in 'bn_wexpand()' function which does not check for a NULL return value when called in 'crypto/bn/bn_div.c', 'crypto/bn/bn_gf2m.c', 'crypto/ec/ec2_smpl.c', and 'engines/e_ubsec.c'.

Affected

OpenSSL version prior to 0.9.8m on Windows.

References

http://marc.info/?l=openssl-cvs&m=126692159706582&w=2
http://secunia.com/advisories/38761
http://security-tracker.debian.org/tracker/CVE-2009-3245

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3245

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Captivate Insecure Library Loading Vulnerability
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)

Take action and discover your vulnerabilities