CVE-2009-5146 - Vulnerability Details - OpenCVE

Description

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Published: 2020-02-18

Score: 5.0 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data.

Vendor	Product	Confidence	Versions
Openssl	Openssl	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2009-5146
https://www.cve.org/CVERecord?id=CVE-2009-5146

History

Fri, 06 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `None`

Subscriptions

Openssl Openssl

MITRE

Status: REJECTED

Assigner: microfocus

Published: 2020-02-18T16:28:56.000Z

Updated: 2020-02-18T16:28:56.000Z

Reserved: 2015-03-16T00:00:00.000Z

Link: CVE-2009-5146

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2020-02-18T17:15:12.393

Modified: 2023-11-07T02:04:57.637

Link: CVE-2009-5146

Redhat

Severity :

Publid Date: 2015-03-16T00:00:00Z

Links: CVE-2009-5146 - Bugzilla

OpenCVE Enrichment

Updated: 2025-06-24T09:44:14Z

Weaknesses

CWE-401

{"bugzilla": {"description": "openssl: memory leak in hostname TLS extension", "id": "1203232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203232"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-401", "details": ["[REJECTED CVE] A memory leak flaw was fix in the hostname TLS extension. This flaw was introduced with the backport of the TLS extension code first introduced in version 0.9.8k of openssl."], "name": "CVE-2009-5146", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Not affected", "package_name": "mingw-virt-viewer", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Storage 2.1"}], "public_date": "2015-03-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-5146\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-5146"], "statement": "This issue did not affect any versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nAlso, this CVE has been rejected, because investigation showed that it was not a security issue.\nRed Hat has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}