Lucene search

K

[email protected]NVD:CVE-2009-1378

HistoryMay 19, 2009 - 7:30 p.m.

CVE-2009-1378

2009-05-1919:30:00

CWE-401

[email protected]

web.nvd.nist.gov

10

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.077

Percentile

94.2%

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka “DTLS fragment handling memory leak.”

Affected configurations

Nvd

Node

opensslopensslRange0.9.8–0.9.8m

Node

canonicalubuntu_linuxMatch6.06

OR

canonicalubuntu_linuxMatch8.04-

OR

canonicalubuntu_linuxMatch8.10

OR

canonicalubuntu_linuxMatch9.04

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
canonicalubuntu_linux9.04cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

cvs.openssl.org/chngview?cn=18188

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

marc.info/?l=openssl-dev&m=124247679213944&w=2

marc.info/?l=openssl-dev&m=124263491424212&w=2

rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

secunia.com/advisories/35128

secunia.com/advisories/35416

secunia.com/advisories/35461

secunia.com/advisories/35571

secunia.com/advisories/35729

secunia.com/advisories/36533

secunia.com/advisories/37003

secunia.com/advisories/38761

secunia.com/advisories/38794

secunia.com/advisories/38834

secunia.com/advisories/42724

secunia.com/advisories/42733

security.gentoo.org/glsa/glsa-200912-01.xml

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

www.mandriva.com/security/advisories?name=MDVSA-2009:120

www.openwall.com/lists/oss-security/2009/05/18/1

www.redhat.com/support/errata/RHSA-2009-1335.html

www.securityfocus.com/bid/35001

www.securitytracker.com/id?1022241

www.ubuntu.com/usn/USN-792-1

www.vupen.com/english/advisories/2009/1377

www.vupen.com/english/advisories/2010/0528

kb.bluecoat.com/index?page=content&id=SA50

launchpad.net/bugs/cve/2009-1378

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229

www.exploit-db.com/exploits/8720

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.3

Confidence

High

EPSS

0.077

Percentile

94.2%

Related for NVD:CVE-2009-1378