5
CVE-2009-1377
- EPSS 11.27%
- Veröffentlicht 19.05.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:09
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.27% | 0.954 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://secunia.com/advisories/38761
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
https://kb.bluecoat.com/index?page=content&id=SA50
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/38794
http://www.vupen.com/english/advisories/2010/0528
http://secunia.com/advisories/35729
http://secunia.com/advisories/36533
http://secunia.com/advisories/38834
http://www.redhat.com/support/errata/RHSA-2009-1335.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
http://cvs.openssl.org/chngview?cn=18187
http://marc.info/?l=openssl-dev&m=124247675613888&w=2
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
http://secunia.com/advisories/35128
http://secunia.com/advisories/35461
http://secunia.com/advisories/35571
http://secunia.com/advisories/37003
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
http://www.openwall.com/lists/oss-security/2009/05/18/1
http://www.securityfocus.com/bid/35001
http://www.securitytracker.com/id?1022241
http://www.ubuntu.com/usn/USN-792-1
http://www.vupen.com/english/advisories/2009/1377
https://launchpad.net/bugs/cve/2009-1377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663