QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-4355

Back to search

CVE-2009-4355

Published: Jan 14, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

VendorProductVersions

n/a

n/a

affected
n/a

References

DSA-1970
vendor-advisory
x_refsource_DEBIAN
ADV-2010-0916
vdb-entry
x_refsource_VUPEN
42724
third-party-advisory
x_refsource_SECUNIA
39461
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11260
vdb-entry
signature
x_refsource_OVAL
FEDORA-2010-5357
vendor-advisory
x_refsource_FEDORA
SSA:2010-060-02
vendor-advisory
x_refsource_SLACKWARE
38761
third-party-advisory
x_refsource_SECUNIA
38181
third-party-advisory
x_refsource_SECUNIA
38200
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0839
vdb-entry
x_refsource_VUPEN
HPSBUX02517
vendor-advisory
x_refsource_HP
MDVSA-2010:022
vendor-advisory
x_refsource_MANDRIVA
RHSA-2010:0095
vendor-advisory
x_refsource_REDHAT
USN-884-1
vendor-advisory
x_refsource_UBUNTU
SSRT100058
vendor-advisory
x_refsource_HP
SUSE-SA:2010:008
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:6678
vdb-entry
signature
x_refsource_OVAL
42733
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0124
vdb-entry
x_refsource_VUPEN
FEDORA-2010-5744
vendor-advisory
x_refsource_FEDORA
38175
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:12168
vdb-entry
signature
x_refsource_OVAL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now