CVE-2009-1378

MEDIUM

Description

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

ID	Name	Product	Family	Severity
127201	NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)	Nessus	NewStart CGSL Local Security Checks	critical
127177	NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)	Nessus	NewStart CGSL Local Security Checks	critical
125000	EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547)	Nessus	Huawei Local Security Checks	critical
89740	VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)	Nessus	VMware ESX Local Security Checks	critical
89737	VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)	Nessus	VMware ESX Local Security Checks	high
63892	RHEL 5 : openssl (RHSA-2009:1335)	Nessus	Red Hat Local Security Checks	medium
60658	Scientific Linux Security Update : openssl on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
17765	OpenSSL < 0.9.8l Multiple Vulnerabilities	Nessus	Web Servers	medium
46765	VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates	Nessus	VMware ESX Local Security Checks	critical
46015	HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities	Nessus	Web Servers	critical
44993	VMSA-2010-0004 : ESX Service Console and vMA third-party updates	Nessus	VMware ESX Local Security Checks	high
44946	Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : openssl (SSA:2010-060-02)	Nessus	Slackware Local Security Checks	critical
43785	CentOS 5 : openssl (CESA-2009:1335)	Nessus	CentOS Local Security Checks	medium
42996	Mandriva Linux Security Advisory : openssl (MDVSA-2009:310)	Nessus	Mandriva Local Security Checks	medium
42968	GLSA-200912-01 : OpenSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
41572	SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6267)	Nessus	SuSE Local Security Checks	medium
41424	SuSE 11 Security Update : OpenSSL (SAT Patch Number 909)	Nessus	SuSE Local Security Checks	medium
40261	openSUSE Security Update : libopenssl-devel (libopenssl-devel-907)	Nessus	SuSE Local Security Checks	medium
40034	openSUSE Security Update : libopenssl-devel (libopenssl-devel-907)	Nessus	SuSE Local Security Checks	medium
39534	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerabilities (USN-792-1)	Nessus	Ubuntu Local Security Checks	medium
39476	Fedora 11 : openssl-0.9.8k-5.fc11 (2009-5452)	Nessus	Fedora Local Security Checks	medium
39475	Fedora 9 : openssl-0.9.8g-9.14.fc9 (2009-5423)	Nessus	Fedora Local Security Checks	medium
39474	Fedora 10 : openssl-0.9.8g-14.fc10 (2009-5412)	Nessus	Fedora Local Security Checks	medium
38966	FreeBSD : openssl -- denial of service in DTLS implementation (82b55df8-4d5a-11de-8811-0030843d3802)	Nessus	FreeBSD Local Security Checks	medium
38923	openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6268)	Nessus	SuSE Local Security Checks	medium
38864	Mandriva Linux Security Advisory : openssl (MDVSA-2009:120)	Nessus	Mandriva Local Security Checks	medium

CVE-2009-1378

Description

References

Details

Risk Information

CVSS v2.0