Vulnerability Details : CVE-2009-1379
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Vulnerability category: Memory Corruption, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2009-1379
Probability of exploitation activity in the next 30 days: 11.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2009-1379
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2009-1379
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1379
- Red Hat 2009-09-02: This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
- http://www.redhat.com/support/errata/RHSA-2009-1335.html
  Support
- http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
  Exploit
- http://www.vupen.com/english/advisories/2010/0528
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 - openSUSE Security Announce - openSUSE Mailing Lists
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://www.securitytracker.com/id?1022241
- http://www.ubuntu.com/usn/USN-792-1
  USN-792-1: OpenSSL vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.openwall.com/lists/oss-security/2009/05/18/4
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
- https://launchpad.net/bugs/cve/2009-1379
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
  The Slackware Linux Project: Slackware Security Advisories
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50661
- https://kb.bluecoat.com/index?page=content&id=SA50
- http://www.securityfocus.com/bid/35138
- http://security.gentoo.org/glsa/glsa-200912-01.xml
  OpenSSL: Multiple vulnerabilities (GLSA 200912-01) — Gentoo security
- http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
  VooDoo cIRCle security advisory 20091012-01
- http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
- http://www.vupen.com/english/advisories/2009/1377
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*