History: May 19, 2009 - 7:30 p.m.

CVE-2009-1378

2009-05-19 19:30:00
CWE-401
web.nvd.nist.gov
cve-2009-1378, memory leaks, openssl, denial of service, dtls records

CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.077 Low (Percentile: 94.2%)

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka “DTLS fragment handling memory leak.”

Affected configurations

NVD

Node
    openssl  openssl  Range  0.9.8 to 0.9.8m
Node
    canonical  ubuntu_linux  Match  6.06
    OR
    canonical  ubuntu_linux  Match  8.04-
    OR
    canonical  ubuntu_linux  Match  8.10
    OR
    canonical  ubuntu_linux  Match  9.04

CPE              Name     Operator  Version
openssl:openssl  openssl  lt        0.9.8m
