Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-1377

Published: 19/05/2009 Updated: 07/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and previous versions 0.9.8 versions allows remote malicious users to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2009-137{7,8,9}
Debian Bug report logs - #530400 CVE-2009-137{7,8,9} Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Sun, 24 May 2009 16:21:01 UTC Severity: ...
Ubuntu Security Notice: openssl vulnerabilities
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests (CVE-2009-1377) ...

References

CWE-119http://www.securityfocus.com/bid/35001http://secunia.com/advisories/35128https://launchpad.net/bugs/cve/2009-1377http://www.openwall.com/lists/oss-security/2009/05/18/1http://cvs.openssl.org/chngview?cn=18187http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guesthttp://marc.info/?l=openssl-dev&m=124247675613888&w=2http://www.securitytracker.com/id?1022241http://www.mandriva.com/security/advisories?name=MDVSA-2009:120http://www.vupen.com/english/advisories/2009/1377http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlhttp://secunia.com/advisories/35416http://secunia.com/advisories/35461http://www.ubuntu.com/usn/USN-792-1http://secunia.com/advisories/35571http://secunia.com/advisories/35729ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.aschttp://secunia.com/advisories/37003http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.nethttp://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlhttp://security.gentoo.org/glsa/glsa-200912-01.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049http://secunia.com/advisories/38761http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444http://secunia.com/advisories/38794http://secunia.com/advisories/38834http://www.vupen.com/english/advisories/2010/0528http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttps://kb.bluecoat.com/index?page=content&id=SA50http://secunia.com/advisories/42724http://secunia.com/advisories/42733http://www.redhat.com/support/errata/RHSA-2009-1335.htmlhttp://secunia.com/advisories/36533https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530400https://usn.ubuntu.com/792-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook