CVE-2009-0590

Published: 27/03/2009 Updated: 03/11/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ASN1_STRING_print_ex function in OpenSSL prior to 0.9.8k allows remote malicious users to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Vulnerable Product

openssl openssl

debian debian linux 4.0

debian debian linux 5.0

Vendor Advisories

Synopsis: Moderate: openssl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulner ...

Debian Bug report logs - #522002 openssl: CVE-2009-0590 denial of service. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl. Reported by: "Michael S Gilbert" <michaelsgilbert@gmail.com> Date: Tue, 31 M ...

It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL ...

It was discovered that insufficient length validations in the ASN1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution (etch), this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 packa ...

References

CWE-119