CVE-2009-0590

Impact:
Low
Public Date:
2009-03-25
Bugzilla:
492304: CVE-2009-0590 openssl: ASN1 printing crash

The MITRE CVE dictionary describes this issue as:

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Find out more about CVE-2009-0590 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html

This issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html

CVSS v2 metrics

Base Score 2.6
Base Metrics AV:N/AC:H/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (openssl) RHSA-2010:0163 2010-03-25
Red Hat Enterprise Linux 5 (openssl) RHSA-2009:1335 2009-09-02
Red Hat Enterprise Linux 4 (openssl) RHSA-2010:0163 2010-03-25
Last Modified

CVE description copyright © 2017, The MITRE Corporation