5

CVE-2009-1378

Exploit

EPSS 15.69%
Veröffentlicht 19.05.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 40

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version > 0.9.8 < 0.9.8m

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.69%	0.945

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

Third Party Advisory

Broken Link

http://secunia.com/advisories/38761

Third Party Advisory

Not Applicable

http://secunia.com/advisories/42724

Third Party Advisory

Not Applicable

http://secunia.com/advisories/42733

Third Party Advisory

Not Applicable

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

Third Party Advisory

Mailing List

https://kb.bluecoat.com/index?page=content&id=SA50

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/35416

Third Party Advisory

Not Applicable

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Third Party Advisory

http://secunia.com/advisories/38794

Third Party Advisory

Not Applicable

http://www.vupen.com/english/advisories/2010/0528

Third Party Advisory

Permissions Required

http://secunia.com/advisories/35729

Third Party Advisory

Not Applicable

http://secunia.com/advisories/36533

Third Party Advisory

Not Applicable

http://secunia.com/advisories/38834

Third Party Advisory

Not Applicable

http://www.redhat.com/support/errata/RHSA-2009-1335.html

Third Party Advisory

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

Third Party Advisory

Broken Link

http://secunia.com/advisories/35128

Third Party Advisory

Not Applicable

http://secunia.com/advisories/35461

Third Party Advisory

Not Applicable

http://secunia.com/advisories/35571

Third Party Advisory

Not Applicable

http://secunia.com/advisories/37003

Third Party Advisory

Not Applicable

http://security.gentoo.org/glsa/glsa-200912-01.xml

Third Party Advisory

http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

Broken Link

http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:120

Not Applicable

http://www.openwall.com/lists/oss-security/2009/05/18/1

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/35001

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1022241

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/USN-792-1

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1377

Third Party Advisory

Permissions Required

http://cvs.openssl.org/chngview?cn=18188

Patch

Vendor Advisory

Broken Link

http://marc.info/?l=openssl-dev&m=124247679213944&w=2

Patch

Third Party Advisory

Mailing List

http://marc.info/?l=openssl-dev&m=124263491424212&w=2

Third Party Advisory

Exploit

Mailing List

http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

Third Party Advisory

Broken Link

https://launchpad.net/bugs/cve/2009-1378

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309

Broken Link

Tool Signature

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229

Broken Link

Tool Signature

https://www.exploit-db.com/exploits/8720

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2009-1378

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1378

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1378

EUVD