CVE-2009-3245

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8m OpenSSL versions 0.9.7a OpenSSL versions prior to 1.0.0e

Description The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are related to the bn wexpand function calls in various files, including crypto/bn/bn div.c, crypto/bn/bn gf2m.c, crypto/ec/ec2 smpl.c, and engines/e ubsec.c. The impact and attack vectors of these vulnerabilities are context-dependent.

Recommendations For OpenSSL versions prior to 0.9.8m, update to version 0.9.8m or later. For OpenSSL versions 0.9.7a, update to a version later than 0.9.7a. For OpenSSL versions prior to 1.0.0e, update to version 1.0.0e or later. As a temporary workaround, consider restricting access to sensitive data and limiting the use of affected systems until a patch is available.