Description

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Remediation

References

CVE-2009-3245

Related Vulnerabilities

WordPress Plugin Timeline Calendar SQL Injection (1.2)

Liferay Portal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-43808)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0324)

Masa CMS Incorrect Authorization Vulnerability (CVE-2022-47002)

WordPress Plugin GiveWP-Donation and Fundraising Platform Security Bypass (2.5.4)

Severity

Critical

Classification

CVE-2009-3245 CWE-20

Tags

Missing Update Known Vulnerabilities