Back to search
CVE-2009-1378
Published: May 19, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
x_refsource_CONFIRM
42724
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:7229
vdb-entry
signature
x_refsource_OVAL
SSA:2010-060-02
vendor-advisory
x_refsource_SLACKWARE
38794
third-party-advisory
x_refsource_SECUNIA
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
mailing-list
x_refsource_MLIST
8720
exploit
x_refsource_EXPLOIT-DB
ADV-2009-1377
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:11309
vdb-entry
signature
x_refsource_OVAL
35729
third-party-advisory
x_refsource_SECUNIA
GLSA-200912-01
vendor-advisory
x_refsource_GENTOO
RHSA-2009:1335
vendor-advisory
x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=18188
x_refsource_CONFIRM
HPSBMA02492
vendor-advisory
x_refsource_HP
38761
third-party-advisory
x_refsource_SECUNIA
37003
third-party-advisory
x_refsource_SECUNIA
[openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
mailing-list
x_refsource_MLIST
36533
third-party-advisory
x_refsource_SECUNIA
1022241
vdb-entry
x_refsource_SECTRACK
USN-792-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SR:2009:011
vendor-advisory
x_refsource_SUSE
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
x_refsource_CONFIRM
[oss-security] 20090518 Two OpenSSL DTLS remote DoS
mailing-list
x_refsource_MLIST
https://launchpad.net/bugs/cve/2009-1378
x_refsource_MISC
35001
vdb-entry
x_refsource_BID
38834
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:120
vendor-advisory
x_refsource_MANDRIVA
35461
third-party-advisory
x_refsource_SECUNIA
35128
third-party-advisory
x_refsource_SECUNIA
35571
third-party-advisory
x_refsource_SECUNIA
35416
third-party-advisory
x_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50
x_refsource_CONFIRM
SSRT100079
vendor-advisory
x_refsource_HP
[openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
mailing-list
x_refsource_MLIST
42733
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0528
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now