CVE-2009-0590 — MEDIUM (5.0)

Q: How severe is CVE-2009-0590?

CVE-2009-0590 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-0590?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Debian Debian Linux.

Vulnerability Description

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Openssl	Openssl	< 0.9.8k
Debian	Debian Linux	4.0

Related Weaknesses (CWE)

CWE-119

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.ascThird Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.htmlMailing ListThird Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlThird Party Advisory
http://marc.info/?l=bugtraq&m=124464882609472&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=125017764422557&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=127678688104458&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/34411Third Party Advisory
http://secunia.com/advisories/34460Third Party Advisory
http://secunia.com/advisories/34509Third Party Advisory
http://secunia.com/advisories/34561Third Party Advisory
http://secunia.com/advisories/34666Third Party Advisory
http://secunia.com/advisories/34896Third Party Advisory

FAQ

What is CVE-2009-0590?

CVE-2009-0590 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1)...

How severe is CVE-2009-0590?

CVE-2009-0590 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0590?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Debian Debian Linux.