Back to search
CVE-2009-1377
Published: May 19, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
42724
third-party-advisory
x_refsource_SECUNIA
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
x_refsource_CONFIRM
SSA:2010-060-02
vendor-advisory
x_refsource_SLACKWARE
38794
third-party-advisory
x_refsource_SECUNIA
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
mailing-list
x_refsource_MLIST
ADV-2009-1377
vdb-entry
x_refsource_VUPEN
35729
third-party-advisory
x_refsource_SECUNIA
GLSA-200912-01
vendor-advisory
x_refsource_GENTOO
RHSA-2009:1335
vendor-advisory
x_refsource_REDHAT
HPSBMA02492
vendor-advisory
x_refsource_HP
38761
third-party-advisory
x_refsource_SECUNIA
37003
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9663
vdb-entry
signature
x_refsource_OVAL
https://launchpad.net/bugs/cve/2009-1377
x_refsource_MISC
36533
third-party-advisory
x_refsource_SECUNIA
1022241
vdb-entry
x_refsource_SECTRACK
USN-792-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SR:2009:011
vendor-advisory
x_refsource_SUSE
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
x_refsource_CONFIRM
[oss-security] 20090518 Two OpenSSL DTLS remote DoS
mailing-list
x_refsource_MLIST
[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug
mailing-list
x_refsource_MLIST
35001
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:6683
vdb-entry
signature
x_refsource_OVAL
38834
third-party-advisory
x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=18187
x_refsource_CONFIRM
MDVSA-2009:120
vendor-advisory
x_refsource_MANDRIVA
35461
third-party-advisory
x_refsource_SECUNIA
35128
third-party-advisory
x_refsource_SECUNIA
35571
third-party-advisory
x_refsource_SECUNIA
35416
third-party-advisory
x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50
x_refsource_CONFIRM
SSRT100079
vendor-advisory
x_refsource_HP
42733
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0528
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now