ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Feb 2024, 18:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* |
|
References | (SECUNIA) http://secunia.com/advisories/35729 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/36533 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38794 - Not Applicable, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179 - Broken Link, Tool Signature | |
References | (BID) http://www.securityfocus.com/bid/35174 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469 - Broken Link, Tool Signature | |
References | (SECUNIA) http://secunia.com/advisories/35685 - Not Applicable, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35571 - Not Applicable, Third Party Advisory |
Information
Published : 2009-06-04 16:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1386
Mitre link : CVE-2009-1386
CVE.ORG link : CVE-2009-1386
JSON object : View
Products Affected
openssl
- openssl
redhat
- openssl
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference