CVE-2009-0590
UnknownEPSS 6.19%
Last modified
CVE-2009-0590 is a vulnerability of currently unknown severity. The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.. EPSS estimates a 6.19% chance of exploitation in the next 30 days.
Description
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | < 0.9.8k |
| Debian | Debian Linux | 4.0 |
| Debian | Debian Linux | 5.0 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascThird Party Advisory
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlMailing List, Third Party Advisory
- http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlThird Party Advisory
- http://marc.info/?l=bugtraq&m=124464882609472&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=125017764422557&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=127678688104458&w=2Mailing List, Third Party Advisory
- http://secunia.com/advisories/34411Third Party Advisory
- http://secunia.com/advisories/34460Third Party Advisory
- http://secunia.com/advisories/34509Third Party Advisory
- http://secunia.com/advisories/34561Third Party Advisory
- http://secunia.com/advisories/34666Third Party Advisory
- http://secunia.com/advisories/34896Third Party Advisory
- http://secunia.com/advisories/34960Third Party Advisory
- http://secunia.com/advisories/35065Third Party Advisory
- http://secunia.com/advisories/35181Third Party Advisory
- http://secunia.com/advisories/35380Third Party Advisory
- http://secunia.com/advisories/35729Third Party Advisory
- http://secunia.com/advisories/36533Third Party Advisory
- http://secunia.com/advisories/36701Third Party Advisory
- http://secunia.com/advisories/38794Third Party Advisory
- http://secunia.com/advisories/38834Third Party Advisory
- http://secunia.com/advisories/42467Third Party Advisory
- http://secunia.com/advisories/42724Third Party Advisory
- http://secunia.com/advisories/42733Third Party Advisory
- http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.ascThird Party Advisory
- http://securitytracker.com/id?1021905Third Party Advisory, VDB Entry
- http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847Patch, Third Party Advisory
- http://support.apple.com/kb/HT3865Third Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-172.htmThird Party Advisory
- http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.htmlThird Party Advisory
- http://www.debian.org/security/2009/dsa-1763Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:087Third Party Advisory
- http://www.openssl.org/news/secadv_20090325.txtVendor Advisory
- http://www.osvdb.org/52864Broken Link
- http://www.php.net/archive/2009.php#id2009-04-08-1Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-1335.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/502429/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/515055/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/34256Patch, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-750-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlThird Party Advisory
- http://www.vupen.com/english/advisories/2009/0850Permissions Required
- http://www.vupen.com/english/advisories/2009/1020Permissions Required
- http://www.vupen.com/english/advisories/2009/1175Permissions Required
- http://www.vupen.com/english/advisories/2009/1220Permissions Required
- http://www.vupen.com/english/advisories/2009/1548Permissions Required
- http://www.vupen.com/english/advisories/2010/0528Permissions Required
- http://www.vupen.com/english/advisories/2010/3126Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49431Third Party Advisory, VDB Entry
- https://kb.bluecoat.com/index?page=content&id=SA50Third Party Advisory
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlThird Party Advisory
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlThird Party Advisory
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascThird Party Advisory
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlMailing List, Third Party Advisory
- http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlThird Party Advisory
- http://marc.info/?l=bugtraq&m=124464882609472&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=125017764422557&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=127678688104458&w=2Mailing List, Third Party Advisory
- http://secunia.com/advisories/34411Third Party Advisory
- http://secunia.com/advisories/34460Third Party Advisory
- http://secunia.com/advisories/34509Third Party Advisory
- http://secunia.com/advisories/34561Third Party Advisory
- http://secunia.com/advisories/34666Third Party Advisory
- http://secunia.com/advisories/34896Third Party Advisory
- http://secunia.com/advisories/34960Third Party Advisory
- http://secunia.com/advisories/35065Third Party Advisory
- http://secunia.com/advisories/35181Third Party Advisory
- http://secunia.com/advisories/35380Third Party Advisory
- http://secunia.com/advisories/35729Third Party Advisory
- http://secunia.com/advisories/36533Third Party Advisory
- http://secunia.com/advisories/36701Third Party Advisory
- http://secunia.com/advisories/38794Third Party Advisory
- http://secunia.com/advisories/38834Third Party Advisory
- http://secunia.com/advisories/42467Third Party Advisory
- http://secunia.com/advisories/42724Third Party Advisory
- http://secunia.com/advisories/42733Third Party Advisory
- http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.ascThird Party Advisory
- http://securitytracker.com/id?1021905Third Party Advisory, VDB Entry
- http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847Patch, Third Party Advisory
- http://support.apple.com/kb/HT3865Third Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-172.htmThird Party Advisory
- http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.htmlThird Party Advisory
- http://www.debian.org/security/2009/dsa-1763Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:087Third Party Advisory
- http://www.openssl.org/news/secadv_20090325.txtVendor Advisory
- http://www.osvdb.org/52864Broken Link
- http://www.php.net/archive/2009.php#id2009-04-08-1Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-1335.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/502429/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/515055/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/34256Patch, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-750-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlThird Party Advisory
- http://www.vupen.com/english/advisories/2009/0850Permissions Required
- http://www.vupen.com/english/advisories/2009/1020Permissions Required
- http://www.vupen.com/english/advisories/2009/1175Permissions Required
- http://www.vupen.com/english/advisories/2009/1220Permissions Required
- http://www.vupen.com/english/advisories/2009/1548Permissions Required
- http://www.vupen.com/english/advisories/2010/0528Permissions Required
- http://www.vupen.com/english/advisories/2010/3126Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49431Third Party Advisory, VDB Entry
- https://kb.bluecoat.com/index?page=content&id=SA50Third Party Advisory
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.htmlThird Party Advisory
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0590?
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
How severe is CVE-2009-0590?
Severity scoring for CVE-2009-0590 is pending analysis. The EPSS model estimates a 6.19% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0590?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2009-0590?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST