CVE - CVE-2009-0590

CVE-ID
CVE-2009-0590	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021905 URL:http://securitytracker.com/id?1021905 MISC:20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts URL:http://www.securityfocus.com/archive/1/502429/100/0/threaded MISC:20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console URL:http://www.securityfocus.com/archive/1/515055/100/0/threaded MISC:258048 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1~~ (Obsolete source) MISC:34256 URL:http://www.securityfocus.com/bid/34256 MISC:34411 URL:http://secunia.com/advisories/34411 MISC:34460 URL:http://secunia.com/advisories/34460 MISC:34509 URL:http://secunia.com/advisories/34509 MISC:34561 URL:http://secunia.com/advisories/34561 MISC:34666 URL:http://secunia.com/advisories/34666 MISC:34896 URL:http://secunia.com/advisories/34896 MISC:34960 URL:http://secunia.com/advisories/34960 MISC:35065 URL:http://secunia.com/advisories/35065 MISC:35181 URL:http://secunia.com/advisories/35181 MISC:35380 URL:http://secunia.com/advisories/35380 MISC:35729 URL:http://secunia.com/advisories/35729 MISC:36533 URL:http://secunia.com/advisories/36533 MISC:36701 URL:http://secunia.com/advisories/36701 MISC:38794 URL:http://secunia.com/advisories/38794 MISC:38834 URL:http://secunia.com/advisories/38834 MISC:42467 URL:http://secunia.com/advisories/42467 MISC:42724 URL:http://secunia.com/advisories/42724 MISC:42733 URL:http://secunia.com/advisories/42733 MISC:52864 URL:~~http://www.osvdb.org/52864~~ (Obsolete source) MISC:ADV-2009-0850 URL:~~http://www.vupen.com/english/advisories/2009/0850~~ (Obsolete source) MISC:ADV-2009-1020 URL:~~http://www.vupen.com/english/advisories/2009/1020~~ (Obsolete source) MISC:ADV-2009-1175 URL:~~http://www.vupen.com/english/advisories/2009/1175~~ (Obsolete source) MISC:ADV-2009-1220 URL:~~http://www.vupen.com/english/advisories/2009/1220~~ (Obsolete source) MISC:ADV-2009-1548 URL:~~http://www.vupen.com/english/advisories/2009/1548~~ (Obsolete source) MISC:ADV-2010-0528 URL:~~http://www.vupen.com/english/advisories/2010/0528~~ (Obsolete source) MISC:ADV-2010-3126 URL:~~http://www.vupen.com/english/advisories/2010/3126~~ (Obsolete source) MISC:APPLE-SA-2009-09-10-2 URL:http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html MISC:DSA-1763 URL:http://www.debian.org/security/2009/dsa-1763 MISC:FreeBSD-SA-09:08 URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc MISC:HPSBMA02447 URL:http://marc.info/?l=bugtraq&m=125017764422557&w=2 MISC:HPSBOV02540 URL:http://marc.info/?l=bugtraq&m=127678688104458&w=2 MISC:HPSBUX02435 URL:http://marc.info/?l=bugtraq&m=124464882609472&w=2 MISC:MDVSA-2009:087 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:087~~ (Obsolete source) MISC:NetBSD-SA2009-008 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc MISC:RHSA-2009:1335 URL:http://www.redhat.com/support/errata/RHSA-2009-1335.html MISC:SSRT090059 URL:http://marc.info/?l=bugtraq&m=124464882609472&w=2 MISC:SSRT090062 URL:http://marc.info/?l=bugtraq&m=125017764422557&w=2 MISC:SUSE-SR:2009:010 URL:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html MISC:SUSE-SU-2011:0847 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html MISC:USN-750-1 URL:http://www.ubuntu.com/usn/usn-750-1 MISC:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html MISC:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html MISC:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html MISC:http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 URL:http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 MISC:http://support.apple.com/kb/HT3865 URL:http://support.apple.com/kb/HT3865 MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm MISC:http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html URL:http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html MISC:http://wiki.rpath.com/Advisories:rPSA-2009-0057 URL:http://wiki.rpath.com/Advisories:rPSA-2009-0057 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 MISC:http://www.openssl.org/news/secadv_20090325.txt URL:http://www.openssl.org/news/secadv_20090325.txt MISC:http://www.php.net/archive/2009.php#id2009-04-08-1 URL:http://www.php.net/archive/2009.php#id2009-04-08-1 MISC:http://www.vmware.com/security/advisories/VMSA-2010-0019.html URL:http://www.vmware.com/security/advisories/VMSA-2010-0019.html MISC:https://kb.bluecoat.com/index?page=content&id=SA50 URL:https://kb.bluecoat.com/index?page=content&id=SA50 MISC:openSUSE-SU-2011:0845 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html MISC:openssl-asn1-stringprintex-dos(49431) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49431 MISC:oval:org.mitre.oval:def:10198 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198 MISC:oval:org.mitre.oval:def:6996 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996
Assigning CNA
Red Hat, Inc.
Date Record Created
20090213	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090213)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)