5
CVE-2009-1378
- EPSS 12.75%
- Veröffentlicht 19.05.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:09
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.75% | 0.958 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://secunia.com/advisories/38761
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
https://kb.bluecoat.com/index?page=content&id=SA50
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/35416
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/38794
http://www.vupen.com/english/advisories/2010/0528
http://secunia.com/advisories/35729
http://secunia.com/advisories/36533
http://secunia.com/advisories/38834
http://www.redhat.com/support/errata/RHSA-2009-1335.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
http://secunia.com/advisories/35128
http://secunia.com/advisories/35461
http://secunia.com/advisories/35571
http://secunia.com/advisories/37003
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
http://www.openwall.com/lists/oss-security/2009/05/18/1
http://www.securityfocus.com/bid/35001
http://www.securitytracker.com/id?1022241
http://www.ubuntu.com/usn/USN-792-1
http://www.vupen.com/english/advisories/2009/1377
http://cvs.openssl.org/chngview?cn=18188
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
https://launchpad.net/bugs/cve/2009-1378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
https://www.exploit-db.com/exploits/8720