Lucene search

K

RedhatCVELIST:CVE-2009-1378

HistoryMay 19, 2009 - 7:00 p.m.

CVE-2009-1378

2009-05-1919:00:00

redhat

www.cve.org

3

6.7 Medium

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka “DTLS fragment handling memory leak.”

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

cvs.openssl.org/chngview?cn=18188

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

marc.info/?l=openssl-dev&m=124247679213944&w=2

marc.info/?l=openssl-dev&m=124263491424212&w=2

rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

secunia.com/advisories/35128

secunia.com/advisories/35416

secunia.com/advisories/35461

secunia.com/advisories/35571

secunia.com/advisories/35729

secunia.com/advisories/36533

secunia.com/advisories/37003

secunia.com/advisories/38761

secunia.com/advisories/38794

secunia.com/advisories/38834

secunia.com/advisories/42724

secunia.com/advisories/42733

security.gentoo.org/glsa/glsa-200912-01.xml

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

www.mandriva.com/security/advisories?name=MDVSA-2009:120

www.openwall.com/lists/oss-security/2009/05/18/1

www.redhat.com/support/errata/RHSA-2009-1335.html

www.securityfocus.com/bid/35001

www.securitytracker.com/id?1022241

www.ubuntu.com/usn/USN-792-1

www.vupen.com/english/advisories/2009/1377

www.vupen.com/english/advisories/2010/0528

kb.bluecoat.com/index?page=content&id=SA50

launchpad.net/bugs/cve/2009-1378

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229

www.exploit-db.com/exploits/8720

6.7 Medium

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

Related for CVELIST:CVE-2009-1378