Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
References
Configurations
History
07 Feb 2024, 18:02
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/35729 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/36533 - Not Applicable, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/38761 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38794 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35128 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38834 - Not Applicable, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 - Broken Link, Tool Signature | |
References | (SECUNIA) http://secunia.com/advisories/35461 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42724 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42733 - Not Applicable, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 - Broken Link, Tool Signature | |
References | (SECUNIA) http://secunia.com/advisories/37003 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35416 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35571 - Not Applicable, Third Party Advisory | |
CPE | cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* |
Information
Published : 2009-05-19 19:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1378
Mitre link : CVE-2009-1378
CVE.ORG link : CVE-2009-1378
JSON object : View
Products Affected
openssl
- openssl
canonical
- ubuntu_linux
CWE
CWE-401
Missing Release of Memory after Effective Lifetime