Openssl · Openssl · CVE-2009-3245
**Name of the Vulnerable Software and Affected Versions**
OpenSSL versions prior to 0.9.8m
OpenSSL version 0.9.7a
OpenSSL versions prior to 1.0.0e
**Description**
The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are related to the `bn_wexpand` function calls in various files, including `crypto/bn/bn_div.c`, `crypto/bn/bn_gf2m.c`, `crypto/ec/ec2_smpl.c`, and `engines/e_ubsec.c`. The impact and attack vectors of these vulnerabilities are context-dependent.
**Recommendations**
For OpenSSL versions prior to 0.9.8m, update to version 0.9.8m or later.
For OpenSSL version 0.9.7a, update to a version later than 0.9.7a.
For OpenSSL versions prior to 1.0.0e, update to version 1.0.0e or later.
As a temporary workaround, consider restricting access to sensitive data and limiting the use of affected systems until a patch is available.
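
To triage an inventory against the versions listed above, the following added example (not part of the original advisory or of OpenSSL) compares legacy OpenSSL version strings, including letter suffixes, with the fixed releases named in the recommendations. It assumes each "prior to" entry applies to its own release branch; the function names and sample banners are constructed for illustration.

```python
import re

# Legacy OpenSSL versions look like "0.9.8m": three numeric fields plus an
# optional letter suffix, ordered "" < "a" < ... < "z" < "za" < "zb" ...
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Fixed releases from the recommendations above, keyed by release branch.
# Assumption: each "prior to X" entry applies to X's own branch only.
FIXED = {(0, 9, 8): "m", (1, 0, 0): "e"}
# Listed as affected, with no fixed release named for its branch.
AFFECTED_EXACT = {((0, 9, 7), "a")}


def parse_version(text):
    """Return ((major, minor, fix), letters) from a version or banner string."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    branch = tuple(int(part) for part in match.group(1, 2, 3))
    return branch, match.group(4)


def _letter_rank(letters):
    # Length first, then alphabetical: "" < "l" < "m" < "z" < "za".
    return (len(letters), letters)


def is_affected(text):
    """True or False per the advisory's lists; None if the branch is not listed."""
    branch, letters = parse_version(text)
    if (branch, letters) in AFFECTED_EXACT:
        return True
    fixed = FIXED.get(branch)
    if fixed is None:
        return None  # the advisory names no fixed release for this branch
    return _letter_rank(letters) < _letter_rank(fixed)


# Constructed sample banners in the style of `openssl version` output.
SAMPLE_BANNERS = [
    "OpenSSL 0.9.8l 5 Nov 2009",
    "OpenSSL 0.9.8za 5 Jun 2014",
    "OpenSSL 1.0.0d 8 Feb 2011",
    "OpenSSL 1.0.1e 11 Feb 2013",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A version string alone does not prove patch status on distributions that backport fixes without changing the upstream version, so treat the result as a triage signal and confirm against the vendor's package changelog.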