5

CVE-2009-0590

EPSS 10.02%
Veröffentlicht 27.03.2009 16:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 63

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version < 0.9.8k

Debian ≫ Debian Linux Version4.0

Debian ≫ Debian Linux Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.02%	0.928

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=bugtraq&m=125017764422557&w=2

Third Party Advisory

Mailing List

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/36701

Third Party Advisory

http://support.apple.com/kb/HT3865

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/35065

Third Party Advisory

http://secunia.com/advisories/42724

Third Party Advisory

http://secunia.com/advisories/42733

Third Party Advisory

https://kb.bluecoat.com/index?page=content&id=SA50

Third Party Advisory

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Third Party Advisory

http://secunia.com/advisories/38794

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0528

Permissions Required

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=127678688104458&w=2

Third Party Advisory

Mailing List

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

Third Party Advisory

http://marc.info/?l=bugtraq&m=124464882609472&w=2

Third Party Advisory

Mailing List

http://secunia.com/advisories/34411

Third Party Advisory

http://secunia.com/advisories/34460

Third Party Advisory

http://secunia.com/advisories/34509

Third Party Advisory

http://secunia.com/advisories/34561

Third Party Advisory

http://secunia.com/advisories/34666

Third Party Advisory

http://secunia.com/advisories/34896

Third Party Advisory

http://secunia.com/advisories/34960

Third Party Advisory

http://secunia.com/advisories/35181

Third Party Advisory

http://secunia.com/advisories/35380

Third Party Advisory

http://secunia.com/advisories/35729

Third Party Advisory

http://secunia.com/advisories/36533

Third Party Advisory

http://secunia.com/advisories/38834

Third Party Advisory

http://secunia.com/advisories/42467

Third Party Advisory

http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc

Third Party Advisory

http://securitytracker.com/id?1021905

Third Party Advisory

VDB Entry

http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

Patch

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1

Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm

Third Party Advisory

http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

Third Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0057

Broken Link

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057

Broken Link

http://www.debian.org/security/2009/dsa-1763

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:087

Third Party Advisory

http://www.openssl.org/news/secadv_20090325.txt

Vendor Advisory

http://www.osvdb.org/52864

Broken Link

http://www.php.net/archive/2009.php#id2009-04-08-1

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1335.html

Third Party Advisory

http://www.securityfocus.com/archive/1/502429/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/515055/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/34256

Patch

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-750-1

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

Third Party Advisory

http://www.vupen.com/english/advisories/2009/0850

Permissions Required

http://www.vupen.com/english/advisories/2009/1020

Permissions Required

http://www.vupen.com/english/advisories/2009/1175

Permissions Required

http://www.vupen.com/english/advisories/2009/1220

Permissions Required

http://www.vupen.com/english/advisories/2009/1548

Permissions Required

http://www.vupen.com/english/advisories/2010/3126

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/49431

Third Party Advisory

VDB Entry

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

Third Party Advisory

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-0590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0590

EUVD