5

CVE-2009-0590

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version < 0.9.8k
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.19% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=bugtraq&m=125017764422557&w=2
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/36701
Third Party Advisory
http://support.apple.com/kb/HT3865
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35065
Third Party Advisory
http://secunia.com/advisories/42724
Third Party Advisory
http://secunia.com/advisories/42733
Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA50
Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Third Party Advisory
http://secunia.com/advisories/38794
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528
Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=127678688104458&w=2
Third Party Advisory
Mailing List
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
Third Party Advisory
http://marc.info/?l=bugtraq&m=124464882609472&w=2
Third Party Advisory
Mailing List
http://secunia.com/advisories/34411
Third Party Advisory
http://secunia.com/advisories/34460
Third Party Advisory
http://secunia.com/advisories/34509
Third Party Advisory
http://secunia.com/advisories/34561
Third Party Advisory
http://secunia.com/advisories/34666
Third Party Advisory
http://secunia.com/advisories/34896
Third Party Advisory
http://secunia.com/advisories/34960
Third Party Advisory
http://secunia.com/advisories/35181
Third Party Advisory
http://secunia.com/advisories/35380
Third Party Advisory
http://secunia.com/advisories/35729
Third Party Advisory
http://secunia.com/advisories/36533
Third Party Advisory
http://secunia.com/advisories/38834
Third Party Advisory
http://secunia.com/advisories/42467
Third Party Advisory
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc
Third Party Advisory
http://securitytracker.com/id?1021905
Third Party Advisory
VDB Entry
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
Patch
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm
Third Party Advisory
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0057
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057
Broken Link
http://www.debian.org/security/2009/dsa-1763
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:087
Third Party Advisory
http://www.openssl.org/news/secadv_20090325.txt
Vendor Advisory
http://www.osvdb.org/52864
Broken Link
http://www.php.net/archive/2009.php#id2009-04-08-1
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1335.html
Third Party Advisory
http://www.securityfocus.com/archive/1/502429/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/515055/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/34256
Patch
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-750-1
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0850
Permissions Required
http://www.vupen.com/english/advisories/2009/1020
Permissions Required
http://www.vupen.com/english/advisories/2009/1175
Permissions Required
http://www.vupen.com/english/advisories/2009/1220
Permissions Required
http://www.vupen.com/english/advisories/2009/1548
Permissions Required
http://www.vupen.com/english/advisories/2010/3126
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/49431
Third Party Advisory
VDB Entry
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Third Party Advisory
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996
Third Party Advisory