CVE-2009-1379

OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service

  • Severity Score: 9.8 (CVSS v3)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2009-04-23 CVE Reserved
  • 2009-05-18 First Exploit
  • 2009-05-19 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
  • CWE-416: Use After Free
CAPEC
References (35)
URL Tag Source
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Mailing List
http://secunia.com/advisories/35416 Third Party Advisory
http://secunia.com/advisories/35461 Third Party Advisory
http://secunia.com/advisories/35571 Third Party Advisory
http://secunia.com/advisories/35729 Third Party Advisory
http://secunia.com/advisories/36533 Third Party Advisory
http://secunia.com/advisories/37003 Third Party Advisory
http://secunia.com/advisories/38761 Third Party Advisory
http://secunia.com/advisories/38794 Third Party Advisory
http://secunia.com/advisories/38834 Third Party Advisory
http://secunia.com/advisories/42724 Third Party Advisory
http://secunia.com/advisories/42733 Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net X_refsource_confirm
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html X_refsource_confirm
http://www.openwall.com/lists/oss-security/2009/05/18/4 Mailing List
http://www.securityfocus.com/bid/35138 Vdb Entry
http://www.securitytracker.com/id?1022241 Vdb Entry
http://www.vupen.com/english/advisories/2009/1377 Vdb Entry
http://www.vupen.com/english/advisories/2010/0528 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50661 Vdb Entry
https://kb.bluecoat.com/index?page=content&id=SA50 X_refsource_confirm
https://launchpad.net/bugs/cve/2009-1379 X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744 Signature
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Openssl Openssl 1.0.0 beta2 Affected