DEBIAN-CVE-2009-3245
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 05 Mar 2010, 19:30
Last modified:28 Apr 2026, 20:04
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Mar 2010, 19:30
Published
Vulnerability first disclosed
28 Apr 2026, 20:04
Last Modified
Vulnerability information updated
Description
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Affected Systems
- debian•openssl
< 0.9.8m-1 | < 0.9.8m-1 | < 0.9.8m-1 | < 0.9.8m-1