Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-1378
HistoryMay 19, 2009 - 12:00 a.m.

CVE-2009-1378

2009-05-1900:00:00
ubuntu.com
ubuntu.com
13

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.2%

Multiple memory leaks in the dtls1_process_out_of_seq_message function in
ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote
attackers to cause a denial of service (memory consumption) via DTLS
records that (1) are duplicates or (2) have sequence numbers much greater
than current sequence numbers, aka “DTLS fragment handling memory leak.”

Bugs

Notes

Author Note
mdeslaur PoC: http://milw0rm.com/exploits/8720
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchopenssl< 0.9.8a-7ubuntu0.9UNKNOWN
ubuntu8.04noarchopenssl< 0.9.8g-4ubuntu3.7UNKNOWN
ubuntu8.10noarchopenssl< 0.9.8g-10.1ubuntu2.4UNKNOWN
ubuntu9.04noarchopenssl< 0.9.8g-15ubuntu3.2UNKNOWN

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.2%