Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-1379

Published: 19/05/2009 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote malicious users to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.0.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2009-137{7,8,9}
Debian Bug report logs - #530400 CVE-2009-137{7,8,9} Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@listsaliothdebianorg>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Sun, 24 May 2009 16:21:01 UTC Severity: ...
Ubuntu Security Notice: openssl vulnerabilities
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests (CVE-2009-1377) ...

Exploits

Exploit DB: OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
/* * cve-2009-1378c * * OpenSSL <= 098k, 100-beta2 DTLS Remote Memory Exhaustion DoS * Jon Oberheide <jon@oberheideorg> * jonoberheideorg * * Information: * * cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2009-1378 * * In dtls1_process_out_of_seq_message() the check if the current message is * already ...

References

CWE-399http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guesthttp://www.openwall.com/lists/oss-security/2009/05/18/4https://launchpad.net/bugs/cve/2009-1379http://www.securitytracker.com/id?1022241http://www.vupen.com/english/advisories/2009/1377http://www.securityfocus.com/bid/35138http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlhttp://secunia.com/advisories/35416http://secunia.com/advisories/35461http://www.ubuntu.com/usn/USN-792-1http://secunia.com/advisories/35571http://secunia.com/advisories/35729ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.aschttp://secunia.com/advisories/37003http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlhttp://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.nethttp://security.gentoo.org/glsa/glsa-200912-01.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049http://secunia.com/advisories/38761http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444http://secunia.com/advisories/38794http://www.vupen.com/english/advisories/2010/0528http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttp://secunia.com/advisories/38834https://kb.bluecoat.com/index?page=content&id=SA50http://secunia.com/advisories/42724http://secunia.com/advisories/42733http://www.redhat.com/support/errata/RHSA-2009-1335.htmlhttp://secunia.com/advisories/36533https://exchange.xforce.ibmcloud.com/vulnerabilities/50661https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530400https://nvd.nist.govhttps://usn.ubuntu.com/792-1/https://www.exploit-db.com/exploits/8720/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook