Lucene search

K
freebsdFreeBSD82B55DF8-4D5A-11DE-8811-0030843D3802
HistoryMay 18, 2009 - 12:00 a.m.

openssl -- denial of service in DTLS implementation

2009-05-1800:00:00
vuxml.freebsd.org
19

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.2%

Secunia reports:

Some vulnerabilities have been reported in OpenSSL, which can be
exploited by malicious people to cause a DoS.
The library does not limit the number of buffered DTLS records with
a future epoch. This can be exploited to exhaust all available memory
via specially crafted DTLS packets.
An error when processing DTLS messages can be exploited to exhaust
all available memory by sending a large number of out of sequence
handshake messages.

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.2%