ID CVE-2009-1378
Summary Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-2:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8c-9:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8c-9:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-2:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8d-9:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8d-9:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-2:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8e-9:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8e-9:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-2:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8f-9:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8f-9:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-2:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-3:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-3:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-4:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-4:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-5:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-5:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl_project:openssl:0.9.8g-9:*:*:*:*:*:*:*
    cpe:2.3:a:openssl_project:openssl:0.9.8g-9:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-09-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2013-04-29T04:13:07.986-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
    family unix
    id oval:org.mitre.oval:def:11309
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
    version 18
  • accepted 2014-01-20T04:01:33.304-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
    family unix
    id oval:org.mitre.oval:def:7229
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
    version 8
redhat via4
advisories
rhsa
id RHSA-2009:1335
rpms
  • openssl-0:0.9.8e-12.el5
  • openssl-devel-0:0.9.8e-12.el5
  • openssl-perl-0:0.9.8e-12.el5
refmap via4
bid 35001
confirm
exploit-db 8720
gentoo GLSA-200912-01
hp
  • HPSBMA02492
  • SSRT100079
mandriva MDVSA-2009:120
misc https://launchpad.net/bugs/cve/2009-1378
mlist
  • [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
  • [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
  • [oss-security] 20090518 Two OpenSSL DTLS remote DoS
  • [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
netbsd NetBSD-SA2009-009
sectrack 1022241
secunia
  • 35128
  • 35416
  • 35461
  • 35571
  • 35729
  • 36533
  • 37003
  • 38761
  • 38794
  • 38834
  • 42724
  • 42733
slackware SSA:2010-060-02
suse SUSE-SR:2009:011
ubuntu USN-792-1
vupen
  • ADV-2009-1377
  • ADV-2010-0528
statements via4
contributor Tomas Hoger
lastmodified 2009-09-02
organization Red Hat
statement This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.
Last major update 29-09-2017 - 01:34
Published 19-05-2009 - 19:30
Back to Top