CVE-2009-1377
Published 2009-05-19
Priority: P4 (26), medium, 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
11.27%
95.4th percentile
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.8k-1 (bookworm) | openssl 0.9.8k-1 (bookworm) |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0.9.8 < 0.9.8m | 0.9.8m |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · LOW
vendor_redhat · 5.0 · MEDIUM
vendor_ubuntu · 5.0 · MEDIUM
GHSA
GHSA-26xx-j6q3-j3rf: The dtls1_buffer_record function in ssl/d1_pkt
ghsa_unreviewed·2022-05-03
CVE-2009-1377 [MEDIUM] CWE-119 GHSA-26xx-j6q3-j3rf: The dtls1_buffer_record function in ssl/d1_pkt
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
OSV
CVE-2009-1377: The dtls1_buffer_record function in ssl/d1_pkt
osv·2009-05-19·CVSS 5.0
CVE-2009-1377 [MEDIUM] CVE-2009-1377: The dtls1_buffer_record function in ssl/d1_pkt
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2009-06-25·CVSS 5.0
CVE-2009-1377 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: OpenSSL vulnerabilities
It was discovered that OpenSSL did not limit the number of DTLS records it
would buffer when they arrived with a future epoch. A remote attacker could
cause a denial of service via memory resource consumption by sending a
large number of crafted requests. (CVE-2009-1377)
It was discovered that OpenSSL did not properly free memory when processing
DTLS fragments. A remote attacker could cause a denial of service via
memory resource consumption by sending a large number of crafted requests.
(CVE-2009-1378)
It was discovered that OpenSSL did not properly handle certain server
certificates when processing DTLS packets. A remote DTLS server could cause
a denial of service by sending a message containing a specially crafted
serve
Red Hat
OpenSSL: DTLS epoch record buffer memory DoS
vendor_redhat·2009-05-12·CVSS 5.0
CVE-2009-1377 [MEDIUM] OpenSSL: DTLS epoch record buffer memory DoS
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Statement: This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4.
Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
Debian
CVE-2009-1377: openssl - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0...
vendor_debian·2009·CVSS 5.0
CVE-2009-1377 [MEDIUM] CVE-2009-1377: openssl - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0...
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Scope: local
bookworm: resolved (fixed in 0.9.8k-1)
bullseye: resolved (fixed in 0.9.8k-1)
forky: resolved (fixed in 0.9.8k-1)
sid: resolved (fixed in 0.9.8k-1)
trixie: resolved (fixed in 0.9.8k-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
bugzilla·2009-05-18·CVSS 5.0
CVE-2009-1377 [MEDIUM] CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1377 to the following vulnerability:
Records are buffered if they arrive with a future epoch to be
processed after finishing the corresponding handshake. There is
currently no limitation to this buffer allowing an attacker to perform
a DOS attack with sending records with future epochs until there is no
memory left. This patch adds the pqueue_size() function to determine
the size of a buffer and limits the record buffer to 100 entries.
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
http://marc.info/?l=openssl-dev&m=124247675613888&w=2
http://cvs.openssl.org/chngview?cn=18187
Discussion:
CVE-2009-1377:
The dtls1_buffer_record function
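A simplified model of the fix described in the Bugzilla entry above, added here as an illustration and not taken from OpenSSL's source. The type and function names, the constructed payload, and the rule that "future" means current epoch + 1 are assumptions of the example; only the 100-entry limit comes from the patch description.

```c
/* Added model of a bounded future-epoch record buffer; all names hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BUFFERED 100 /* limit stated in the patch description */

typedef struct rec {
    unsigned short epoch;
    size_t len;
    unsigned char *data;
    struct rec *next;
} rec;
typedef struct { rec *head; } rec_queue;

/* Count queued entries: the role pqueue_size() plays in the description. */
static size_t queue_size(const rec_queue *q) {
    size_t n = 0;
    for (const rec *r = q->head; r; r = r->next) n++;
    return n;
}

/* Returns 1 if buffered, 0 if dropped, -1 on allocation failure. */
static int buffer_future_record(rec_queue *q, unsigned short cur_epoch,
        unsigned short epoch, const unsigned char *p, size_t len) {
    if (epoch != (unsigned short)(cur_epoch + 1)) return 0; /* assumed rule */
    if (queue_size(q) >= MAX_BUFFERED) return 0; /* the check that was missing */
    rec *r = malloc(sizeof *r);
    if (!r) return -1;
    r->data = malloc(len ? len : 1);
    if (!r->data) { free(r); return -1; }
    memcpy(r->data, p, len);
    r->epoch = epoch; r->len = len;
    r->next = q->head; q->head = r;
    return 1;
}

/* Feed n constructed future-epoch records; return how many stay buffered. */
size_t simulate_flood(size_t n) {
    rec_queue q = { NULL };
    unsigned char payload[64] = { 0 }; /* constructed sample record body */
    for (size_t i = 0; i < n; i++) buffer_future_record(&q, 0, 1, payload, sizeof payload);
    size_t kept = queue_size(&q);
    while (q.head) { rec *r = q.head; q.head = r->next; free(r->data); free(r); }
    return kept;
}

int main(void) {
    printf("buffered after 10000 records: %zu\n", simulate_flood(10000));
    return 0;
}
```

Without the `queue_size()` check, memory held per connection grows with every record the peer sends before the handshake completes; with it, the worst case is fixed at the limit times the maximum record size.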
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l