CVE-2009-0590

Summary

CVE	CVE-2009-0590
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-03-27 16:30:00 UTC
Updated	2020-11-03 17:38:00 UTC
Description	The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	4.0	All	All	All
Operating System	Debian	Debian Linux	5.0	All	All	All
Operating System	Debian	Debian Linux	4.0	All	All	All
Operating System	Debian	Debian Linux	5.0	All	All	All
Application	Openssl	Openssl	All	All	All	All
Application	Openssl	Openssl	All	All	All	All

References

Reference	Source	Link	Tags
kb.bluecoat.com/index	CONFIRM	kb.bluecoat.com	Third Party Advisory
258048	SUNALERT	sunsolve.sun.com	Broken Link
[syslog-ng-announce] syslog-ng Premium Edition 3.2.1a has been released	MLIST	lists.balabit.com	Third Party Advisory
52864	OSVDB	www.osvdb.org	Broken Link
VooDoo cIRCle download \| SourceForge.net	CONFIRM	sourceforge.net	Patch, Third Party Advisory
OpenSSL Multiple Vulnerabilities	BID	www.securityfocus.com	Patch, Third Party Advisory, VDB Entry
About Secunia Research \| Flexera	SECUNIA	secunia.com	Third Party Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Permissions Required
Repository / Oval Repository	OVAL	oval.cisecurity.org	Third Party Advisory
[security-announce] SUSE-SU-2011:0847-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
NetBSD-SA2009-008	NETBSD	ftp.netbsd.org	Third Party Advisory
About Security Update 2009-005	CONFIRM	support.apple.com	Third Party Advisory
Debian -- Security Information -- DSA-1763-1 openssl	DEBIAN	www.debian.org	Third Party Advisory
PHP for Windows OpenSSL Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:010	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
Ubuntu update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
[security-announce] openSUSE-SU-2011:0845-1: important: compat-openssl09	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
wiki.rpath.com/wiki/Advisories:rPSA-2009-0057	MISC	wiki.rpath.com	Broken Link
rPath update for openssl and openssl-scripts - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
ASA-2009-172 (SUN 258048)	CONFIRM	support.avaya.com	Third Party Advisory
About Secunia Research \| Flexera	SECUNIA	secunia.com	Third Party Advisory
USN-750-1: OpenSSL vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
Webmail \| OVH- OVH	VUPEN	www.vupen.com	Permissions Required
Webmail - OVH	VUPEN	www.vupen.com	Permissions Required
SecurityFocus	BUGTRAQ	www.securityfocus.com	Third Party Advisory, VDB Entry
APPLE-SA-2009-09-10-2 Security Update 2009-005	APPLE	lists.apple.com	Mailing List, Third Party Advisory
VooDoo cIRCle security advisory 20090326-01	CONFIRM	voodoo-circle.sourceforge.net	Third Party Advisory
OpenSSL Multiple Vulnerabilities - Advisories - Community	SECUNIA	secunia.com	Third Party Advisory
NetBSD update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
SSRT090059	HP	marc.info	Mailing List, Third Party Advisory
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
Webmail - OVH	VUPEN	www.vupen.com	Permissions Required
SUSE Update for Multiple Packages - Advisories - Community	SECUNIA	secunia.com	Third Party Advisory
VooDoo cIRCle OpenSSL Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
VMware vMA Update for Multiple Packages - Advisories - Community	SECUNIA	secunia.com	Third Party Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com	Third Party Advisory, VDB Entry
Sun Solaris OpenSSL "ASN1_STRING_print_ex()" Denial of Service - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
VMSA-2010-0019.3	CONFIRM	www.vmware.com	Third Party Advisory
FreeBSD update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
Support	REDHAT	www.redhat.com	Third Party Advisory
About Secunia Research \| Flexera	SECUNIA	secunia.com	Third Party Advisory
[Security-announce] VMSA-2010-0004 ESX Service Console and vMA third party updates	MLIST	lists.vmware.com	Third Party Advisory
www.openssl.org/news/secadv_20090325.txt	CONFIRM	www.openssl.org	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Permissions Required
[syslog-ng-announce] syslog-ng Premium Edition 3.0.6a has been released	MLIST	lists.balabit.com	Third Party Advisory
Webmail - OVH	VUPEN	www.vupen.com	Permissions Required
HP-UX update for OpenSSL - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
FreeBSD-SA-09:08	FREEBSD	security.FreeBSD.org	Third Party Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Permissions Required
Avaya CMS Solaris OpenSSL "ASN1_STRING_print_ex()" Denial of Service - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
VMware ESX Server 4 Multiple Vulnerabilities - Advisories - Community	SECUNIA	secunia.com	Third Party Advisory
PHP: News Archive - 2009	CONFIRM	www.php.net	Third Party Advisory
wiki.rpath.com/Advisories:rPSA-2009-0057	CONFIRM	wiki.rpath.com	Broken Link
'[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Si' - MARC	HP	marc.info	Mailing List, Third Party Advisory
'[security bulletin] HPSBOV02540 SSRT090249 rev.1 - HP SSL for OpenVMS, Remote Unauthorized Data Inje' - MARC	HP	marc.info	Mailing List, Third Party Advisory
Security Advisories \| Mandriva Linux	MANDRIVA	www.mandriva.com	Third Party Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com	Third Party Advisory, VDB Entry
Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Third Party Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org	Third Party Advisory
SecurityTracker.com Archives - OpenSSL ASN1_STRING_print_ex() Invalid Memory Access Flaw Lets Users Deny Service	SECTRACK	securitytracker.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2010-03-25	Tomas Hoger	This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html This issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html

Legacy QID Mappings

900014 CBL-Mariner Linux Security Update for openssl 1.1.1g
903473 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (2691)