Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDFBC8413F-2F7A-11DE-9A3F-001B77D09812
HistoryMar 25, 2009 - 12:00 a.m.

FreeBSD -- remotely exploitable crash in OpenSSL

2009-03-2500:00:00
vuxml.freebsd.org
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.271 Low

EPSS

Percentile

96.7%

JSON

Problem Description
The function ASN1_STRING_print_ex does not properly validate
the lengths of BMPString or UniversalString objects before
attempting to print them.
Impact
An application which attempts to print a BMPString or
UniversalString which has an invalid length will crash as a
result of OpenSSL accessing invalid memory locations. This
could be used by an attacker to crash a remote application.
Workaround
No workaround is available, but applications which do not use
the ASN1_STRING_print_ex function (either directly or indirectly)
are not affected.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd=ย 6.3UNKNOWN
FreeBSDanynoarchfreebsd<ย 6.3_10UNKNOWN

Related

nessus 42
f5 2
ubuntucve 1
openvas 58
cbl_mariner 1
ubuntu 1
cve 1
securityvulns 3
gentoo 1
veracode 1
openssl 1
debian 1
prion 1
freebsd_advisory 1
debiancve 1
oraclelinux 2
slackware 1
altlinux 4
redhat 2
threatpost 1
centos 2
suse 2
vmware 6
lenovo 2
nessus
nessus
Solaris 10 (sparc) : 141742-04
2009-06-08 00:00:00
FreeBSD : FreeBSD -- remotely exploitable crash in OpenSSL (2539)
2009-05-08 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : openssl vulnerability (USN-750-1)
2009-04-23 00:00:00
f5
f5
SOL15358 - OpenSSL vulnerability CVE-2009-0590
2014-06-19 00:00:00
K15358 : OpenSSL vulnerability CVE-2009-0590
2014-06-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-0590
2009-03-27 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200904-08 (openssl)
2009-04-15 00:00:00
Solaris Update for sshd 141742-02
2009-09-23 00:00:00
Gentoo Security Advisory GLSA 200904-08 (openssl)
2009-04-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2009-0590 affecting package openssl 1.1.1g-6
2021-08-11 06:39:26
ubuntu
ubuntu
OpenSSL vulnerability
2009-03-30 00:00:00
cve
cve
CVE-2009-0590
2009-03-27 16:30:00
securityvulns
securityvulns
OpenSSL library BMPString DoS
2009-04-01 00:00:00
[USN-750-1] OpenSSL vulnerability
2009-04-01 00:00:00
[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux &#40;ICE-LX&#41; Cross Site Request Forgery &#40;CSRF&#41; , Remote Execution of Arbitrary Code, Denial of Service &#40;DoS&#41;, and Other Vulnerabilities
2009-08-14 00:00:00
gentoo
gentoo
OpenSSL: Denial of service
2009-04-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:41:59
openssl
openssl
Vulnerability in OpenSSL CVE-2009-0590
2009-03-25 00:00:00
debian
debian
[SECURITY] [DSA 1763-1] New openssl packages fix denial of service
2009-04-06 16:25:35
prion
prion
Authentication flaw
2009-03-27 16:30:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:08.openssl
2009-04-22 00:00:00
debiancve
debiancve
CVE-2009-0590
2009-03-27 16:30:00
oraclelinux
oraclelinux
openssl security update
2010-03-25 00:00:00
openssl security, bug fix, and enhancement update
2009-09-08 00:00:00
slackware
slackware
openssl
2009-04-07 23:29:36
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
redhat
redhat
(RHSA-2010:0163) Moderate: openssl security update
2010-03-25 00:00:00
(RHSA-2009:1335) Moderate: openssl security, bug fix, and enhancement update
2009-09-02 09:47:12
threatpost
threatpost
Multiple vulnerabilities found, fixed in OpenSSL
2009-03-26 23:43:56
centos
centos
openssl security update
2010-03-25 22:38:39
openssl security update
2009-09-15 18:42:01
suse
suse
compat-openssl097g (important)
2011-07-27 16:08:25
Security update for compat-openssl097g (important)
2011-07-27 17:08:16
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.271 Low

EPSS

Percentile

96.7%

JSON
Related for FBC8413F-2F7A-11DE-9A3F-001B77D09812
nessus42f52ubuntucve1openvas58cbl_mariner1ubuntu1cve1securityvulns3gentoo1veracode1openssl1debian1prion1freebsd_advisory1debiancve1oraclelinux2slackware1altlinux4redhat2threatpost1centos2suse2vmware6lenovo2