Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-1379

Опубликовано: 11 мая 2009
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

Отчет

This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=501572OpenSSL: DTLS pointer use-after-free flaw (DoS)

EPSS

Процентиль: 91%
0.06505
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-1379

ubuntu
около 16 лет назад

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

nvd логотип

CVE-2009-1379

nvd
около 16 лет назад

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

debian логотип

CVE-2009-1379

debian
около 16 лет назад

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment f ...

github логотип

GHSA-4pw3-fcxf-f8gx

github
около 3 лет назад

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

fstec логотип

BDU:2015-09404

fstec
больше 15 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации

EPSS

Процентиль: 91%
0.06505
Низкий

5 Medium

CVSS2