Back to search
CVE-2009-1386
Published: Jun 4, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
38794
third-party-advisory
x_refsource_SECUNIA
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
mailing-list
x_refsource_MLIST
35729
third-party-advisory
x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=17369
x_refsource_CONFIRM
[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS
mailing-list
x_refsource_MLIST
RHSA-2009:1335
vendor-advisory
x_refsource_REDHAT
HPSBMA02492
vendor-advisory
x_refsource_HP
36533
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11179
vdb-entry
signature
x_refsource_OVAL
USN-792-1
vendor-advisory
x_refsource_UBUNTU
oval:org.mitre.oval:def:7469
vdb-entry
signature
x_refsource_OVAL
http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest
x_refsource_CONFIRM
38834
third-party-advisory
x_refsource_SECUNIA
openssl-changecipherspec-dos(50963)
vdb-entry
x_refsource_XF
35685
third-party-advisory
x_refsource_SECUNIA
8873
exploit
x_refsource_EXPLOIT-DB
35571
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2009:012
vendor-advisory
x_refsource_SUSE
35174
vdb-entry
x_refsource_BID
SSRT100079
vendor-advisory
x_refsource_HP
ADV-2010-0528
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now