Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200904-08
HistoryApr 07, 2009 - 12:00 a.m.

OpenSSL: Denial of service

2009-04-0700:00:00
Gentoo Foundation
security.gentoo.org
26

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.271 Low

EPSS

Percentile

96.7%

JSON

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

The ASN1_STRING_print_ex() function does not properly check the provided length of a BMPString or UniversalString, leading to an invalid memory access.

Impact

A remote attacker could entice a user or automated system to print a specially crafted certificate, possibly leading to a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8k"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/openssl<ย 0.9.8kUNKNOWN

Related

nessus 42
f5 2
ubuntucve 1
openvas 58
cbl_mariner 1
ubuntu 1
cve 1
freebsd 1
securityvulns 3
veracode 1
openssl 1
debian 1
prion 1
debiancve 1
freebsd_advisory 1
altlinux 4
redhat 2
threatpost 1
centos 2
oraclelinux 2
slackware 1
vmware 6
suse 2
lenovo 2
nessus
nessus
Solaris 10 (sparc) : 141742-04
2009-06-08 00:00:00
FreeBSD : FreeBSD -- remotely exploitable crash in OpenSSL (2539)
2009-05-08 00:00:00
Debian DSA-1763-1 : openssl - programming error
2009-04-07 00:00:00
f5
f5
SOL15358 - OpenSSL vulnerability CVE-2009-0590
2014-06-19 00:00:00
K15358 : OpenSSL vulnerability CVE-2009-0590
2014-06-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-0590
2009-03-27 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200904-08 (openssl)
2009-04-15 00:00:00
Mandrake Security Advisory MDVSA-2009:087 (openssl)
2009-04-06 00:00:00
FreeBSD Ports: FreeBSD
2009-05-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2009-0590 affecting package openssl 1.1.1g-6
2021-08-11 06:39:26
ubuntu
ubuntu
OpenSSL vulnerability
2009-03-30 00:00:00
cve
cve
CVE-2009-0590
2009-03-27 16:30:00
freebsd
freebsd
FreeBSD -- remotely exploitable crash in OpenSSL
2009-03-25 00:00:00
securityvulns
securityvulns
OpenSSL library BMPString DoS
2009-04-01 00:00:00
[USN-750-1] OpenSSL vulnerability
2009-04-01 00:00:00
[security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux &#40;ICE-LX&#41; Cross Site Request Forgery &#40;CSRF&#41; , Remote Execution of Arbitrary Code, Denial of Service &#40;DoS&#41;, and Other Vulnerabilities
2009-08-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:41:59
openssl
openssl
Vulnerability in OpenSSL CVE-2009-0590
2009-03-25 00:00:00
debian
debian
[SECURITY] [DSA 1763-1] New openssl packages fix denial of service
2009-04-06 16:25:35
prion
prion
Authentication flaw
2009-03-27 16:30:00
debiancve
debiancve
CVE-2009-0590
2009-03-27 16:30:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:08.openssl
2009-04-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8k-alt1
2009-03-25 00:00:00
redhat
redhat
(RHSA-2010:0163) Moderate: openssl security update
2010-03-25 00:00:00
(RHSA-2009:1335) Moderate: openssl security, bug fix, and enhancement update
2009-09-02 09:47:12
threatpost
threatpost
Multiple vulnerabilities found, fixed in OpenSSL
2009-03-26 23:43:56
centos
centos
openssl security update
2010-03-25 22:38:39
openssl security update
2009-09-15 18:42:01
oraclelinux
oraclelinux
openssl security update
2010-03-25 00:00:00
openssl security, bug fix, and enhancement update
2009-09-08 00:00:00
slackware
slackware
openssl
2009-04-07 23:29:36
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
suse
suse
compat-openssl097g (important)
2011-07-27 16:08:25
Security update for compat-openssl097g (important)
2011-07-27 17:08:16
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.271 Low

EPSS

Percentile

96.7%

JSON
Related for GLSA-200904-08
nessus42f52ubuntucve1openvas58cbl_mariner1ubuntu1cve1freebsd1securityvulns3veracode1openssl1debian1prion1debiancve1freebsd_advisory1altlinux4redhat2threatpost1centos2oraclelinux2slackware1vmware6suse2lenovo2