Lucene search

K
cvelistRedhatCVELIST:CVE-2009-1378
HistoryMay 19, 2009 - 7:00 p.m.

CVE-2009-1378

2009-05-1919:00:00
redhat
www.cve.org
1

6.7 Medium

AI Score

Confidence

High

0.077 Low

EPSS

Percentile

94.2%

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka “DTLS fragment handling memory leak.”

References