Description
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
Release | Status | Note |
---|---|---|
artful | released | 1.0.2g-1ubuntu9 |
bionic | released | 1.0.2g-1ubuntu9 |
cosmic | released | 1.0.2g-1ubuntu9 |
devel | released | 1.0.2g-1ubuntu9 |
disco | released | 1.0.2g-1ubuntu9 |
esm-infra-legacy/trusty | not-affected | 1.0.1f-1ubuntu2.20 |
esm-infra/bionic | not-affected | 1.0.2g-1ubuntu9 |
esm-infra/xenial | not-affected | 1.0.2g-1ubuntu4.4 |
precise | released | 1.0.1-4ubuntu5.37 |
precise/esm | not-affected | 1.0.1-4ubuntu5.37 |
Release | Status | Note |
---|---|---|
artful | DNE | |
bionic | DNE | |
cosmic | DNE | |
devel | DNE | |
disco | DNE | |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
precise | ignored | end of life |
precise/esm | DNE | precise was needs-triage |
trusty | ignored | end of standard support |
trusty/esm | DNE | trusty was needs-triage |
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the DTLS protocol implementation of the OpenSSL library that allows an attacker to cause a denial of service