CVE-2009-0590 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

10.0%

top 6.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl Debian Linux +2 more

Timeline

PublishedMar 27

Latest updateMay 3

Description

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/openssl< openssl 0.9.8g-16 (bookworm)

▶NVDopenssl/openssl< 0.9.8k

▶Debianopenssl/openssl< 0.9.8g-16+3

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Also affects: Debian Linux 4.0, 5.0

Patches

Patch: sourceforge.net ↗Patch: www.securityfocus.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-pvqm-jc37-37p5: The ASN1_STRING_print_ex function in OpenSSL before 0↗2022-05-03

▶

OSV

CVE-2009-0590: The ASN1_STRING_print_ex function in OpenSSL before 0↗2009-03-27

▶

📋Vendor Advisories

Microsoft

CVE-2009-0590: NIST NVD Details: https://nvd↗2020-09-08

▶

BSD

FreeBSD-SA-09:08.openssl: Remotely exploitable crash in OpenSSL↗2009-04-22

▶

Ubuntu

OpenSSL vulnerability↗2009-03-30

▶

Red Hat

openssl: ASN1 printing crash↗2009-03-25

▶

Debian

CVE-2009-0590: openssl - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attacke...↗2009

▶

💬Community

Bugzilla

openssl compat mode x509 subject name injection↗2009-07-09

▶

Bugzilla

CVE-2009-0590 openssl: ASN1 printing crash↗2009-03-26

▶