CVE-2009-3245

NameCVE-2009-3245
DescriptionOpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs575433

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)bullseye1.1.1w-0+deb11u1fixed
bullseye (security)1.1.1w-0+deb11u3fixed
bookworm3.0.17-1~deb12u2fixed
bookworm (security)3.0.14-1~deb12u2fixed
trixie3.5.1-1fixed
forky, sid3.5.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcelenny0.9.8g-15+lenny7
opensslsource(unstable)0.9.8m-1low575433
Search for package or bug name: Reporting problems