CVE-2009-0789

Publication date 27 March 2009

Last updated 24 July 2024

Ubuntu priority

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssl	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

only affects platforms where sizeof(long) < sizeof(void *). These are equal on all releases/architectures, thus Ubuntu is not affected.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0789