Openssl : Security Vulnerabilities, CVEs, Published In 2009

CVE-2009-1386

Public exploit
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Max CVSS
5.0
EPSS Score
6.51%
Published
2009-06-04
Updated
2024-02-07

CVE-2009-1378

Public exploit
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Max CVSS
5.0
EPSS Score
7.69%
Published
2009-05-19
Updated
2024-02-07
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close