The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Openssl
  • Openssl
Redhat
  • Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 3
openssl-0:0.9.7a-33.26 cpe:/o:redhat:enterprise_linux:3 RHSA-2010:0163 2010-03-25T00:00:00Z
Red Hat Enterprise Linux 4
openssl-0:0.9.7a-43.17.el4_8.5 cpe:/o:redhat:enterprise_linux:4 RHSA-2010:0163 2010-03-25T00:00:00Z
Red Hat Enterprise Linux 5
openssl-0:0.9.8e-12.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2009:1335 2009-09-02T00:00:00Z
References
Link Providers
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html cve-icon cve-icon
http://lists.vmware.com/pipermail/security-announce/2010/000082.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=124464882609472&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=125017764422557&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=127678688104458&w=2 cve-icon cve-icon
http://secunia.com/advisories/34411 cve-icon cve-icon
http://secunia.com/advisories/34460 cve-icon cve-icon
http://secunia.com/advisories/34509 cve-icon cve-icon
http://secunia.com/advisories/34561 cve-icon cve-icon
http://secunia.com/advisories/34666 cve-icon cve-icon
http://secunia.com/advisories/34896 cve-icon cve-icon
http://secunia.com/advisories/34960 cve-icon cve-icon
http://secunia.com/advisories/35065 cve-icon cve-icon
http://secunia.com/advisories/35181 cve-icon cve-icon
http://secunia.com/advisories/35380 cve-icon cve-icon
http://secunia.com/advisories/35729 cve-icon cve-icon
http://secunia.com/advisories/36533 cve-icon cve-icon
http://secunia.com/advisories/36701 cve-icon cve-icon
http://secunia.com/advisories/38794 cve-icon cve-icon
http://secunia.com/advisories/38834 cve-icon cve-icon
http://secunia.com/advisories/42467 cve-icon cve-icon
http://secunia.com/advisories/42724 cve-icon cve-icon
http://secunia.com/advisories/42733 cve-icon cve-icon
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc cve-icon cve-icon
http://securitytracker.com/id?1021905 cve-icon cve-icon
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1 cve-icon cve-icon
http://support.apple.com/kb/HT3865 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm cve-icon cve-icon
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html cve-icon cve-icon
http://wiki.rpath.com/Advisories:rPSA-2009-0057 cve-icon cve-icon
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 cve-icon cve-icon
http://www.debian.org/security/2009/dsa-1763 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 cve-icon cve-icon
http://www.openssl.org/news/secadv_20090325.txt cve-icon cve-icon
http://www.osvdb.org/52864 cve-icon cve-icon
http://www.php.net/archive/2009.php#id2009-04-08-1 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-1335.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/502429/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/515055/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/34256 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-750-1 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2010-0019.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/0850 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1020 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1175 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1220 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/1548 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0528 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3126 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/49431 cve-icon cve-icon
https://kb.bluecoat.com/index?page=content&id=SA50 cve-icon cve-icon
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html cve-icon cve-icon
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-0590 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-0590 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-03-27T16:00:00

Updated: 2024-08-07T04:40:04.972Z

Reserved: 2009-02-13T00:00:00

Link: CVE-2009-0590

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-03-27T16:30:00.170

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0590

cve-icon Redhat

Severity : Low

Publid Date: 2009-03-25T00:00:00Z

Links: CVE-2009-0590 - Bugzilla