Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-4355

Published: 14/01/2010 Updated: 19/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and previous versions and 1.0.0 Beta through Beta 4 allows remote malicious users to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

openssl openssl 0.9.8k

openssl openssl 0.9.8d

openssl openssl 0.9.8c

openssl openssl 0.9.7d

openssl openssl 0.9.7e

redhat openssl 0.9.7a-2

openssl openssl 0.9.8f

openssl openssl 0.9.8e

openssl openssl 0.9.7

openssl openssl 0.9.7f

openssl openssl 0.9.7g

openssl openssl 0.9.6

openssl openssl 0.9.6c

openssl openssl 0.9.6b

openssl openssl 0.9.5

openssl openssl 0.9.5a

openssl openssl 0.9.2b

openssl openssl 0.9.1c

openssl openssl 0.9.8h

openssl openssl 0.9.8g

openssl openssl 0.9.7a

openssl openssl 0.9.7h

openssl openssl 0.9.7i

openssl openssl 0.9.7m

openssl openssl 0.9.6i

openssl openssl 0.9.6h

openssl openssl 0.9.6m

openssl openssl 0.9.6l

openssl openssl 0.9.3a

openssl openssl 0.9.3

openssl openssl 0.9.8j

openssl openssl 0.9.8i

openssl openssl 0.9.8b

openssl openssl 0.9.8a

openssl openssl 0.9.8

openssl openssl 0.9.7b

openssl openssl 0.9.7c

openssl openssl 0.9.7k

openssl openssl 0.9.7l

openssl openssl 0.9.6a

redhat openssl 0.9.6-15

openssl openssl 0.9.6f

openssl openssl 0.9.6k

openssl openssl 0.9.6j

openssl openssl 0.9.4

openssl openssl 0.9.7j

redhat openssl 0.9.6b-3

openssl openssl 0.9.6g

openssl openssl 0.9.6e

openssl openssl 0.9.6d

openssl openssl 1.0.0

Vendor Advisories

Red Hat: Moderate: openssl security update
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix two security issues are now available forRed Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Descri ...
Ubuntu Security Notice: openssl vulnerability
It was discovered that OpenSSL did not correctly free unused memory in certain situations A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service ...
Debian Security Advisories: DSA-1970-1 openssl -- denial of service
It was discovered that a significant memory leak could occur in OpenSSL, related to the reinitialization of zlib This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded The old stable distribution (etch) is not ...

References

CWE-399https://bugzilla.redhat.com/show_bug.cgi?id=546707http://secunia.com/advisories/38175http://cvs.openssl.org/chngview?cn=19069http://secunia.com/advisories/38181http://secunia.com/advisories/38200https://issues.rpath.com/browse/RPL-3157http://www.debian.org/security/2010/dsa-1970http://cvs.openssl.org/chngview?cn=19068http://www.ubuntu.com/usn/USN-884-1http://www.openwall.com/lists/oss-security/2010/01/13/3http://www.vupen.com/english/advisories/2010/0124http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttp://cvs.openssl.org/chngview?cn=19167https://rhn.redhat.com/errata/RHSA-2010-0095.htmlhttp://secunia.com/advisories/38761http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049http://www.mandriva.com/security/advisories?name=MDVSA-2010:022http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004http://www.vupen.com/english/advisories/2010/0839http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.htmlhttp://www.vupen.com/english/advisories/2010/0916http://secunia.com/advisories/39461http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.htmlhttp://secunia.com/advisories/42724http://secunia.com/advisories/42733https://kb.bluecoat.com/index?page=content&id=SA50http://marc.info/?l=bugtraq&m=127128920008563&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260https://access.redhat.com/errata/RHSA-2010:0054https://usn.ubuntu.com/884-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook