Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-1378

Опубликовано: 12 мая 2009
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Отчет

This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=501254OpenSSL: DTLS fragment handling memory DoS

EPSS

Процентиль: 93%
0.09756
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-1378

ubuntu
около 16 лет назад

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

nvd логотип

CVE-2009-1378

nvd
около 16 лет назад

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

debian логотип

CVE-2009-1378

debian
около 16 лет назад

Multiple memory leaks in the dtls1_process_out_of_seq_message function ...

github логотип

GHSA-v965-8v6m-8c59

github
около 3 лет назад

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

fstec логотип

BDU:2015-09404

fstec
больше 15 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации

EPSS

Процентиль: 93%
0.09756
Низкий

5 Medium

CVSS2

Уязвимость CVE-2009-1378