CVE-2009-0590

Properties

Published: 26.03.2009
Updated: 30.04.2009
Patch available:
Severity: Medium
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Product:
openssl: openssl

Vulnerability description

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

References:

VUPEN: http://www.vupen.com/english/advisories/2009/0850
BID: http://www.securityfocus.com/bid/34256
CONFIRM: http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
XF: http://xforce.iss.net/xforce/xfdb/49431
VUPEN: http://www.vupen.com/english/advisories/2009/1175
VUPEN: http://www.vupen.com/english/advisories/2009/1020
UBUNTU: http://www.ubuntu.com/usn/usn-750-1
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/502429/100/0/threaded
CONFIRM: http://www.php.net/archive/2009.php#id2009-04-08-1
OSVDB: http://www.osvdb.org/52864
CONFIRM: http://www.openssl.org/news/secadv_20090325.txt
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:087
DEBIAN: http://www.debian.org/security/2009/dsa-1763
MISC: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057
CONFIRM: http://wiki.rpath.com/Advisories:rPSA-2009-0057
CONFIRM: http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
SECTRACK: http://securitytracker.com/id?1021905
FREEBSD: http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc
SECUNIA: http://secunia.com/advisories/34896
SECUNIA: http://secunia.com/advisories/34666
SECUNIA: http://secunia.com/advisories/34561
SECUNIA: http://secunia.com/advisories/34509
SECUNIA: http://secunia.com/advisories/34460
SECUNIA: http://secunia.com/advisories/34411