NVD

CVE-2009-0590 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 5.0 MEDIUM

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/25/2010)

This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html This issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	CVE, Inc., Red Hat	Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=124464882609472&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=125017764422557&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=127678688104458&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://secunia.com/advisories/34411	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/34460	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/34509	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/34561	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/34666	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/34896	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/34960	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/35065	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/35181	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/35380	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/35729	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/36533	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/36701	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38794	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/38834	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42467	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42724	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/42733	CVE, Inc., Red Hat	Third Party Advisory
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc	CVE, Inc., Red Hat	Third Party Advisory
http://securitytracker.com/id?1021905	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	CVE, Inc., Red Hat	Patch Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1	CVE, Inc., Red Hat	Broken Link
http://support.apple.com/kb/HT3865	CVE, Inc., Red Hat	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm	CVE, Inc., Red Hat	Third Party Advisory
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	CVE, Inc., Red Hat	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0057	CVE, Inc., Red Hat	Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057	CVE, Inc., Red Hat	Broken Link
http://www.debian.org/security/2009/dsa-1763	CVE, Inc., Red Hat	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:087	CVE, Inc., Red Hat	Third Party Advisory
http://www.openssl.org/news/secadv_20090325.txt	CVE, Inc., Red Hat	Vendor Advisory
http://www.osvdb.org/52864	CVE, Inc., Red Hat	Broken Link
http://www.php.net/archive/2009.php#id2009-04-08-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1335.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.securityfocus.com/archive/1/502429/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/515055/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/34256	CVE, Inc., Red Hat	Patch Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-750-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0019.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0850	CVE, Inc., Red Hat	Permissions Required
http://www.vupen.com/english/advisories/2009/1020	CVE, Inc., Red Hat	Permissions Required
http://www.vupen.com/english/advisories/2009/1175	CVE, Inc., Red Hat	Permissions Required
http://www.vupen.com/english/advisories/2009/1220	CVE, Inc., Red Hat	Permissions Required
http://www.vupen.com/english/advisories/2009/1548	CVE, Inc., Red Hat	Permissions Required
http://www.vupen.com/english/advisories/2010/0528	CVE, Inc., Red Hat	Permissions Required
http://www.vupen.com/english/advisories/2010/3126	CVE, Inc., Red Hat	Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/49431	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
https://kb.bluecoat.com/index?page=content&id=SA50	CVE, Inc., Red Hat	Third Party Advisory
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	CVE, Inc., Red Hat	Third Party Advisory
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996	CVE, Inc., Red Hat	Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

CVE Modified by CVE 11/20/2024 8:00:26 PM

Action	Type	New Value
Added	Reference	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
Added	Reference	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
Added	Reference	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Added	Reference	http://marc.info/?l=bugtraq&m=124464882609472&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=124464882609472&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=125017764422557&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=125017764422557&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=127678688104458&w=2
Added	Reference	http://secunia.com/advisories/34411
Added	Reference	http://secunia.com/advisories/34460
Added	Reference	http://secunia.com/advisories/34509
Added	Reference	http://secunia.com/advisories/34561
Added	Reference	http://secunia.com/advisories/34666
Added	Reference	http://secunia.com/advisories/34896
Added	Reference	http://secunia.com/advisories/34960
Added	Reference	http://secunia.com/advisories/35065
Added	Reference	http://secunia.com/advisories/35181
Added	Reference	http://secunia.com/advisories/35380
Added	Reference	http://secunia.com/advisories/35729
Added	Reference	http://secunia.com/advisories/36533
Added	Reference	http://secunia.com/advisories/36701
Added	Reference	http://secunia.com/advisories/38794
Added	Reference	http://secunia.com/advisories/38834
Added	Reference	http://secunia.com/advisories/42467
Added	Reference	http://secunia.com/advisories/42724
Added	Reference	http://secunia.com/advisories/42733
Added	Reference	http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc
Added	Reference	http://securitytracker.com/id?1021905
Added	Reference	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
Added	Reference	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1
Added	Reference	http://support.apple.com/kb/HT3865
Added	Reference	http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm
Added	Reference	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
Added	Reference	http://wiki.rpath.com/Advisories:rPSA-2009-0057
Added	Reference	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057
Added	Reference	http://www.debian.org/security/2009/dsa-1763
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2009:087
Added	Reference	http://www.openssl.org/news/secadv_20090325.txt
Added	Reference	http://www.osvdb.org/52864
Added	Reference	http://www.php.net/archive/2009.php#id2009-04-08-1
Added	Reference	http://www.redhat.com/support/errata/RHSA-2009-1335.html
Added	Reference	http://www.securityfocus.com/archive/1/502429/100/0/threaded
Added	Reference	http://www.securityfocus.com/archive/1/515055/100/0/threaded
Added	Reference	http://www.securityfocus.com/bid/34256
Added	Reference	http://www.ubuntu.com/usn/usn-750-1
Added	Reference	http://www.vmware.com/security/advisories/VMSA-2010-0019.html
Added	Reference	http://www.vupen.com/english/advisories/2009/0850
Added	Reference	http://www.vupen.com/english/advisories/2009/1020
Added	Reference	http://www.vupen.com/english/advisories/2009/1175
Added	Reference	http://www.vupen.com/english/advisories/2009/1220
Added	Reference	http://www.vupen.com/english/advisories/2009/1548
Added	Reference	http://www.vupen.com/english/advisories/2010/0528
Added	Reference	http://www.vupen.com/english/advisories/2010/3126
Added	Reference	https://exchange.xforce.ibmcloud.com/vulnerabilities/49431
Added	Reference	https://kb.bluecoat.com/index?page=content&id=SA50
Added	Reference	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Added	Reference	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996

Modified Analysis by NIST 11/03/2020 12:38:19 PM

Quick Info

CVE Dictionary Entry:
CVE-2009-0590
NVD Published Date:
03/27/2009
NVD Last Modified:
04/08/2025
Source:
Red Hat, Inc.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2009-0590 Detail

Description

Metrics

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/25/2010)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 8:00:26 PM

CVE Modified by Red Hat, Inc. 5/13/2024 10:04:33 PM

Modified Analysis by NIST 11/03/2020 12:38:19 PM

CVE Modified by Red Hat, Inc. 10/10/2018 3:29:39 PM

CVE Modified by Red Hat, Inc. 9/28/2017 9:33:54 PM

CVE Modified by Red Hat, Inc. 8/16/2017 9:29:55 PM

CVE Modified by Red Hat, Inc. 8/22/2016 9:59:35 PM

Initial CVE Analysis 3/27/2009 1:32:00 PM

Quick Info