Vulnerability Details : CVE-2009-0590
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2009-0590
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Threat overview for CVE-2009-0590
- Top open port discovered on systems with this issue: 5555
- IPs affected by CVE-2009-0590: 121
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-0590
- Probability of exploitation activity in the next 30 days: 38.34%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~97%
CVSS scores for CVE-2009-0590
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-0590
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-0590
- Red Hat, 2010-03-25: This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html This issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html
References for CVE-2009-0590
- http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html "[security-announce] SUSE Security Summary Report: SUSE-SR:2009:010 - openSUSE Security Announce - openSUSE Mailing Lists" [Mailing List; Third Party Advisory]
- http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm "ASA-2009-172 (SUN 258048)" [Third Party Advisory]
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2009-1335.html "Support" [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198 [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:087 "Mandriva" [Third Party Advisory]
- http://www.securityfocus.com/archive/1/502429/100/0/threaded [Third Party Advisory; VDB Entry]
- http://marc.info/?l=bugtraq&m=124464882609472&w=2 "'[security bulletin] HPSBUX02435 SSRT090059 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (' - MARC" [Mailing List; Third Party Advisory]
- http://www.openssl.org/news/secadv_20090325.txt [Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/0528 [Permissions Required]
- http://wiki.rpath.com/Advisories:rPSA-2009-0057 [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996 [Third Party Advisory]
- http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847 "VooDoo cIRCle download | SourceForge.net" [Patch; Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html "[security-announce] openSUSE-SU-2011:0845-1: important: compat-openssl09" [Mailing List; Third Party Advisory]
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html [Third Party Advisory]
- http://www.securityfocus.com/bid/34256 [Patch; Third Party Advisory; VDB Entry]
- http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html "VooDoo cIRCle security advisory 20090326-01" [Third Party Advisory]
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html [Third Party Advisory]
- http://www.php.net/archive/2009.php#id2009-04-08-1 "PHP: News Archive - 2009" [Third Party Advisory]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1 [Broken Link]
- http://www.vupen.com/english/advisories/2009/1548 [Permissions Required]
- http://www.vupen.com/english/advisories/2010/3126 [Permissions Required]
- http://marc.info/?l=bugtraq&m=127678688104458&w=2 "'[security bulletin] HPSBOV02540 SSRT090249 rev.1 - HP SSL for OpenVMS, Remote Unauthorized Data Inje' - MARC" [Mailing List; Third Party Advisory]
- https://kb.bluecoat.com/index?page=content&id=SA50 [Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49431 "OpenSSL ASN1_STRING_print_ex() function denial of service CVE-2009-0590 Vulnerability Report" [Third Party Advisory; VDB Entry]
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057 [Broken Link]
- http://securitytracker.com/id?1021905 [Third Party Advisory; VDB Entry]
- http://support.apple.com/kb/HT3865 "About Security Update 2009-005 - Apple Support" [Third Party Advisory]
- https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [Third Party Advisory]
- http://marc.info/?l=bugtraq&m=125017764422557&w=2 "'[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Si' - MARC" [Mailing List; Third Party Advisory]
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html [Mailing List; Third Party Advisory]
- http://www.vupen.com/english/advisories/2009/1175 [Permissions Required]
- http://www.vupen.com/english/advisories/2009/0850 [Permissions Required]
- http://www.debian.org/security/2009/dsa-1763 [Third Party Advisory]
- http://www.vmware.com/security/advisories/VMSA-2010-0019.html "VMSA-2010-0019.3" [Third Party Advisory]
- http://www.vupen.com/english/advisories/2009/1220 [Permissions Required]
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html "[security-announce] SUSE-SU-2011:0847-1: important: Security update for" [Mailing List; Third Party Advisory]
- http://www.securityfocus.com/archive/1/515055/100/0/threaded "SecurityFocus" [Third Party Advisory; VDB Entry]
- http://www.ubuntu.com/usn/usn-750-1 "USN-750-1: OpenSSL vulnerability | Ubuntu security notices | Ubuntu" [Third Party Advisory]
- http://www.vupen.com/english/advisories/2009/1020 [Permissions Required]