CVE-2009-5146 - Vulnerability Details

Vendors	Products
Openssl	Openssl

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2009-5146
https://www.cve.org/CVERecord?id=CVE-2009-5146

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `None`

Show plain JSON

{"containers": {"cna": {"providerMetadata": {"dateUpdated": "2020-02-18T16:28:56", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none"}]}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2009-5146", "datePublished": "2020-02-18T16:28:56", "dateRejected": "2020-02-18T16:28:56", "dateReserved": "2015-03-16T00:00:00", "dateUpdated": "2020-02-18T16:28:56", "state": "REJECTED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{

containers : { »

cna : { »

providerMetadata : { »

dateUpdated : 2020-02-18T16:28:56 (string)

orgId : f81092c5-7f14-476d-80dc-24857f90be84 (string)

shortName : microfocus (string)

}

rejectedReasons : [ »

0 : { »

lang : en (string)

value : DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none (string)

}

]

}

cveMetadata : { »

assignerOrgId : f81092c5-7f14-476d-80dc-24857f90be84 (string)

assignerShortName : microfocus (string)

cveId : CVE-2009-5146 (string)

datePublished : 2020-02-18T16:28:56 (string)

dateRejected : 2020-02-18T16:28:56 (string)

dateReserved : 2015-03-16T00:00:00 (string)

dateUpdated : 2020-02-18T16:28:56 (string)

state : REJECTED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.0 (string)

}

Show plain JSON

{"bugzilla": {"description": "openssl: memory leak in hostname TLS extension", "id": "1203232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203232"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-401", "details": ["[REJECTED CVE] A memory leak flaw was fix in the hostname TLS extension. This flaw was introduced with the backport of the TLS extension code first introduced in version 0.9.8k of openssl."], "name": "CVE-2009-5146", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Not affected", "package_name": "mingw-virt-viewer", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Storage 2.1"}], "public_date": "2015-03-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-5146\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-5146"], "statement": "This issue did not affect any versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nAlso, this CVE has been rejected, because investigation showed that it was not a security issue.\nRed Hat has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}

{

bugzilla : { »

description : openssl: memory leak in hostname TLS extension (string)

id : 1203232 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1203232 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.0 (string)

cvss_scoring_vector : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

status : draft (string)

}

cwe : CWE-401 (string)

details : [ »

0 : [REJECTED CVE] A memory leak flaw was fix in the hostname TLS extension. This flaw was introduced with the backport of the TLS extension code first introduced in version 0.9.8k of openssl. (string)

]

name : CVE-2009-5146 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)