SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-1378

Date: (C)2009-05-19 (M)2024-02-22

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:

SECTRACK-1022241

EXPLOIT-DB-8720

NetBSD-SA2009-009

SSA:2010-060-02

SUSE-SR:2009:011

http://marc.info/?l=openssl-dev&m=124247679213944&w=2

http://marc.info/?l=openssl-dev&m=124263491424212&w=2

http://www.openwall.com/lists/oss-security/2009/05/18/1

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://cvs.openssl.org/chngview?cn=18188

http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

https://kb.bluecoat.com/index?page=content&id=SA50

https://launchpad.net/bugs/cve/2009-1378

oval:org.mitre.oval:def:11309

oval:org.mitre.oval:def:7229

oval:org.secpod.oval:def:202091
oval:org.secpod.oval:def:201982
oval:org.secpod.oval:def:500658
oval:org.secpod.oval:def:700402
...

© SecPod Technologies