Detections
Analytics
CVE-2009-1378
high
Description
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
References
https://launchpad.net/bugs/cve/2009-1378
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2009/1377
http://www.ubuntu.com/usn/USN-792-1
http://www.redhat.com/support/errata/RHSA-2009-1335.html
http://www.openwall.com/lists/oss-security/2009/05/18/1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://secunia.com/advisories/42733
http://secunia.com/advisories/42724
http://secunia.com/advisories/38834
http://secunia.com/advisories/38794
http://secunia.com/advisories/38761
http://secunia.com/advisories/37003
http://secunia.com/advisories/36533
http://secunia.com/advisories/35729
http://secunia.com/advisories/35571
http://secunia.com/advisories/35461
http://secunia.com/advisories/35416
http://secunia.com/advisories/35128
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html