CVE-2009-1378
OpenSSL: DTLS fragment handling memory DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Múltiples fugas de memoria en la función dtls1_process_out_of_seq_message en ssl/d1_both.c en OpenSSL v0.9.8k y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de memoria) a través de registros DTLS que (1) son duplicados o (2) tienen una secuencia de números mucho mayor que la actual secuencia de números, conocido también como "fuga de memoria en el manejo de fragmentos DTLS".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-04-23 CVE Reserved
- 2009-05-19 CVE Published
- 2024-02-08 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (37)
URL | Date | SRC |
---|---|---|
http://marc.info/?l=openssl-dev&m=124263491424212&w=2 | 2024-08-07 | |
https://www.exploit-db.com/exploits/8720 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://cvs.openssl.org/chngview?cn=18188 | 2024-02-07 | |
http://marc.info/?l=openssl-dev&m=124247679213944&w=2 | 2024-02-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | > 0.9.8 < 0.9.8m Search vendor "Openssl" for product "Openssl" and version " > 0.9.8 < 0.9.8m" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04" | - |
Affected
|