5

CVE-2009-4355

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8l
OpenSSLOpenSSL Version0.9.1c
OpenSSLOpenSSL Version0.9.2b
OpenSSLOpenSSL Version0.9.3
OpenSSLOpenSSL Version0.9.3a
OpenSSLOpenSSL Version0.9.4
OpenSSLOpenSSL Version0.9.5
OpenSSLOpenSSL Version0.9.5 Updatebeta1
OpenSSLOpenSSL Version0.9.5 Updatebeta2
OpenSSLOpenSSL Version0.9.5a
OpenSSLOpenSSL Version0.9.5a Updatebeta1
OpenSSLOpenSSL Version0.9.5a Updatebeta2
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6 Updatebeta1
OpenSSLOpenSSL Version0.9.6 Updatebeta2
OpenSSLOpenSSL Version0.9.6 Updatebeta3
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6a Updatebeta1
OpenSSLOpenSSL Version0.9.6a Updatebeta2
OpenSSLOpenSSL Version0.9.6a Updatebeta3
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6f
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.6j
OpenSSLOpenSSL Version0.9.6k
OpenSSLOpenSSL Version0.9.6l
OpenSSLOpenSSL Version0.9.6m
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7 Updatebeta1
OpenSSLOpenSSL Version0.9.7 Updatebeta2
OpenSSLOpenSSL Version0.9.7 Updatebeta3
OpenSSLOpenSSL Version0.9.7 Updatebeta4
OpenSSLOpenSSL Version0.9.7 Updatebeta5
OpenSSLOpenSSL Version0.9.7 Updatebeta6
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.7l
OpenSSLOpenSSL Version0.9.7m
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
OpenSSLOpenSSL Version0.9.8k
RedhatOpenSSL Version0.9.6-15
RedhatOpenSSL Version0.9.6b-3
RedhatOpenSSL Version0.9.7a-2
OpenSSLOpenSSL Version1.0.0 Updatebeta1
OpenSSLOpenSSL Version1.0.0 Updatebeta2
OpenSSLOpenSSL Version1.0.0 Updatebeta3
OpenSSLOpenSSL Version1.0.0 Updatebeta4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.94% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/38761
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
https://kb.bluecoat.com/index?page=content&id=SA50
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://secunia.com/advisories/39461
http://www.vupen.com/english/advisories/2010/0916
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://cvs.openssl.org/chngview?cn=19068
http://cvs.openssl.org/chngview?cn=19069
http://cvs.openssl.org/chngview?cn=19167
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://secunia.com/advisories/38175
Vendor Advisory
http://secunia.com/advisories/38181
Vendor Advisory
http://secunia.com/advisories/38200
Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004
http://www.debian.org/security/2010/dsa-1970
http://www.mandriva.com/security/advisories?name=MDVSA-2010:022
http://www.openwall.com/lists/oss-security/2010/01/13/3
http://www.ubuntu.com/usn/USN-884-1
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0124
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0839
https://bugzilla.redhat.com/show_bug.cgi?id=546707
https://issues.rpath.com/browse/RPL-3157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678