Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
References
Configurations
History
07 Feb 2024, 18:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/35128 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/35416 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/35461 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/35571 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/35729 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/36533 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/37003 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/38761 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/38794 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/38834 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/42724 - Not Applicable, Third Party Advisory | |
References | () http://secunia.com/advisories/42733 - Not Applicable, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 - Not Applicable | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 - Broken Link, Tool Signature | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 - Broken Link, Tool Signature | |
CPE | cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:* |
02 Feb 2022, 15:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openssl_project:openssl:0.9.8e-9:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-2:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-9:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-5:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-5:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-9:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-3:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-6:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-8:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-5:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-7:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-3:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-1:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-1:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-3:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-2:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-8:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-1:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-3:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-2:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-7:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-9:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-4:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-7:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-6:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-7:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-5:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-2:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-2:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-5:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-8:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-8:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-4:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-6:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-3:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-6:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-4:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-6:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g-7:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-9:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f-8:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8d-1:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8f:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8c-4:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8e-1:*:*:*:*:*:*:* cpe:2.3:a:openssl_project:openssl:0.9.8g:*:*:*:*:*:*:* |
cpe:2.3:a:openssl:openssl:0.9.8:-:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta4:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta3:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta1:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta2:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.8:beta6:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
References | (HP) http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 - Broken Link, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/1377 - Permissions Required, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35729 - Third Party Advisory | |
References | (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000082.html - Third Party Advisory | |
References | (CONFIRM) http://cvs.openssl.org/chngview?cn=18188 - Broken Link, Patch, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/0528 - Permissions Required, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35571 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38761 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37003 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42724 - Third Party Advisory | |
References | (MLIST) http://marc.info/?l=openssl-dev&m=124263491424212&w=2 - Exploit, Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38834 - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1335.html - Third Party Advisory | |
References | (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 - Broken Link | |
References | (MLIST) http://marc.info/?l=openssl-dev&m=124247679213944&w=2 - Mailing List, Patch, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 - Tool Signature | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-792-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/42733 - Third Party Advisory | |
References | (NETBSD) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc - Broken Link, Third Party Advisory | |
References | (CONFIRM) http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net - Broken Link | |
References | (MISC) https://launchpad.net/bugs/cve/2009-1378 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35461 - Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 - Tool Signature | |
References | (SECUNIA) http://secunia.com/advisories/36533 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35128 - Third Party Advisory | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/8720 - Exploit, Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/05/18/1 - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html - Mailing List, Third Party Advisory | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-200912-01.xml - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38794 - Third Party Advisory | |
References | (CONFIRM) https://kb.bluecoat.com/index?page=content&id=SA50 - Broken Link | |
References | (CONFIRM) http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest - Broken Link, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/35001 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1022241 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/35416 - Third Party Advisory | |
First Time |
Canonical ubuntu Linux
Canonical |
|
CWE | CWE-401 |
Information
Published : 2009-05-19 19:30
Updated : 2024-02-07 18:02
NVD link : CVE-2009-1378
Mitre link : CVE-2009-1378
CVE.ORG link : CVE-2009-1378
JSON object : View
Products Affected
canonical
- ubuntu_linux
openssl
- openssl
CWE
CWE-401
Missing Release of Memory after Effective Lifetime