CVE-2009-1377

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 19-05-2009 09:30

Last modified: - 02-02-2022 04:07

Total changes: - 2

Description

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

vendor=openssl AND product=openssl AND versionEndExcluding=0.9.8

vendor=openssl AND product=openssl AND version=0.9.8 AND update=-

vendor=openssl AND product=openssl AND version=0.9.8 AND update=beta1

vendor=openssl AND product=openssl AND version=0.9.8 AND update=beta2

vendor=openssl AND product=openssl AND version=0.9.8 AND update=beta3

vendor=openssl AND product=openssl AND version=0.9.8 AND update=beta4

vendor=openssl AND product=openssl AND version=0.9.8 AND update=beta5

vendor=openssl AND product=openssl AND version=0.9.8 AND update=beta6

vendor=openssl AND product=openssl AND version=0.9.8a

vendor=openssl AND product=openssl AND version=0.9.8b

vendor=openssl AND product=openssl AND version=0.9.8c

vendor=openssl AND product=openssl AND version=0.9.8c-1

vendor=openssl AND product=openssl AND version=0.9.8d

vendor=openssl AND product=openssl AND version=0.9.8e

vendor=openssl AND product=openssl AND version=0.9.8f

vendor=openssl AND product=openssl AND version=0.9.8g

vendor=openssl AND product=openssl AND version=0.9.8g-9

vendor=openssl AND product=openssl AND version=0.9.8h

vendor=openssl AND product=openssl AND version=0.9.8i

vendor=openssl AND product=openssl AND version=0.9.8j

vendor=openssl AND product=openssl AND version=0.9.8k

Reference

35001-Third Party Advisory, VDB Entry
35128-Third Party Advisory, Vendor Advisory
https://launchpad.net/bugs/cve/2009-1377
[oss-security] 20090518 Two OpenSSL DTLS remote DoS-Mailing List
http://cvs.openssl.org/chngview?cn=18187
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug-Mailing List, Patch, Third Party Advisory
1022241-Third Party Advisory, VDB Entry
MDVSA-2009:120-Broken Link
ADV-2009-1377-Permissions Required, Third Party Advisory
SUSE-SR:2009:011-Third Party Advisory
35416-Third Party Advisory
35461-Third Party Advisory
USN-792-1-Third Party Advisory
35571-Third Party Advisory
35729-Third Party Advisory
NetBSD-SA2009-009-Broken Link, Third Party Advisory
37003-Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
GLSA-200912-01-Third Party Advisory
SSA:2010-060-02-Mailing List, Third Party Advisory
38761-Third Party Advisory
HPSBMA02492-Broken Link, Third Party Advisory
38794-Third Party Advisory
38834-Third Party Advisory
ADV-2010-0528-Permissions Required, Third Party Advisory
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates-Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA50
42724-Third Party Advisory
42733-Third Party Advisory
RHSA-2009:1335-Third Party Advisory
36533-Third Party Advisory
oval:org.mitre.oval:def:9663-Tool Signature
oval:org.mitre.oval:def:6683-Tool Signature

Keywords

CVE-2009-1377

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1377

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures