CVE-2009-1378
Published 2009-05-19
CVE-2009-1378: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to…
Priority P4 · 28 · medium · 5 · CVSS 2.0 vector AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 12.75% (95.8th percentile)
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Affected: 10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | openssl | < openssl 0.9.8k-1 (bookworm) | openssl 0.9.8k-1 (bookworm) |
| openssl | openssl | < 0.9.8m | 0.9.8m |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
| openssl | openssl | >= 0 < 0.9.8k-1 | 0.9.8k-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |
GHSA
GHSA-v965-8v6m-8c59 (ghsa_unreviewed · 2022-05-03) · CVE-2009-1378 [MEDIUM] · CWE-401
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
OSV
CVE-2009-1378 (osv · 2009-05-19 · CVSS 5.0) · CVE-2009-1378 [MEDIUM]
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Ubuntu
OpenSSL vulnerabilities (vendor_ubuntu · 2009-06-25 · CVSS 5.0) · CVE-2009-1377 [MEDIUM]
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1377)

It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1378)

It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted serve
Red Hat
OpenSSL: DTLS fragment handling memory DoS (vendor_redhat · 2009-05-12 · CVSS 5.0) · CVE-2009-1378 [MEDIUM]
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Statement: This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4.
Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client -
Debian
CVE-2009-1378: openssl - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1... (vendor_debian · 2009 · CVSS 5.0) · CVE-2009-1378 [MEDIUM]
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Scope: local
bookworm: resolved (fixed in 0.9.8k-1)
bullseye: resolved (fixed in 0.9.8k-1)
forky: resolved (fixed in 0.9.8k-1)
sid: resolved (fixed in 0.9.8k-1)
trixie: resolved (fixed in 0.9.8k-1)
No detection rules found.
Exploit-DB
OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service (exploitdb · 2009-06-04 · CVSS 5.0) · CVE-2009-1386 [MEDIUM]
OpenSSL
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
*
* OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as
* the first record instead of ClientHello.
*
* Usage:
*
* Pass the host and port of the target DTLS server:
*
* $ gcc cve-2009-1386.c -o cve-2009-1386
* $ ./cve-2009-1386 1.2.3.4 666
*
* Notes:
*
* Much easier than the memory exhaustion DoS issue (CVE-2009-1378) as this
* only requires a single ChangeCipherSpec datagram, but affects an older
* version of OpenSSL.
*
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int
main(int argc, char **argv)
{
int sock, ret;
char *ptr, *err;
struct hostent *h;
struct sockaddr_in target;
char buf[64];
if (argc h_addrty
Exploit-DB
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service (exploitdb · 2009-05-18 · CVSS 5.0) · CVE-2009-1379 [MEDIUM]
---
/*
* cve-2009-1378.c
*
* OpenSSL
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
*
 * In dtls1_process_out_of_seq_message() the check whether the current message
 * is already buffered was missing. Memory was allocated for every new message,
 * allowing an attacker to perform a denial of service attack by sending
 * out-of-sequence handshake messages until there is no memory left.
*
* Usage:
*
* Pass the host and port of the target DTLS server:
*
* $ gcc cve-2009-1378.c -o cve-2009-1378
* $ ./cve-2009-1378 1.2.3.4 666
*
* Notes:
*
* With a MTU of 1500, the attack leaks 1503 bytes of memory with each UDP
* datagram. If you have a bigger MTU than 1500, feel free
Bugzilla
CVE-2014-3505 openssl: DTLS packet processing double free (bugzilla · 2014-08-07 · CVSS 5.0) · CVE-2014-3505 [MEDIUM]
A double free vulnerability was identified in the OpenSSL DTLS code when an attacker forces an error condition. This issue affects both client and server code.
Discussion:
External References:
https://www.openssl.org/news/secadv_20140806.txt
---
Upstream commit:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b
---
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1127704]
---
Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 1127705]
---
Created mingw-openssl tracking bugs for this issue:
Affects: epel-7 [bug 1127709]
---
openssl-1.0.1e-39.fc19 has been pushed to the Fedora 19 stable repository. If problems still per
Bugzilla
CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS (bugzilla · 2009-05-18 · CVSS 5.0) · CVE-2009-1378 [MEDIUM]
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1378 to the following vulnerability:
In dtls1_process_out_of_seq_message() the check whether the current message is already buffered was missing. Memory was allocated for every new message, allowing an attacker to perform a denial of service attack by sending out-of-sequence handshake messages until there is no memory left. Additionally, every future message was buffered, even if the sequence number made no sense and would be part of another handshake. So only messages with sequence numbers less than 10 in advance will be buffered.
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
http://marc.info/?t=124250665500033&r=1&w=2
http://cvs.openssl.org/ch
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware (arxiv_fulltext · 2022-12-29)
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
- http://cvs.openssl.org/chngview?cn=18188
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://marc.info/?l=openssl-dev&m=124247679213944&w=2
- http://marc.info/?l=openssl-dev&m=124263491424212&w=2
- http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
- http://secunia.com/advisories/35128
- http://secunia.com/advisories/35416
- http://secunia.com/advisories/35461
- http://secunia.com/advisories/35571
- http://secunia.com/advisories/35729
- http://secunia.com/advisories/36533
- http://secunia.com/advisories/37003
- http://secunia.com/advisories/38761
- http://secunia.com/advisories/38794
- http://secunia.com/advisories/38834
- http://secunia.com/advisories/42724
- http://secunia.com/advisories/42733
- http://security.gentoo.org/glsa/glsa-200912-01.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
- http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
- http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
- http://www.openwall.com/lists/oss-security/2009/05/18/1
- http://www.redhat.com/support/errata/RHSA-2009-1335.html
- http://www.securityfocus.com/bid/35001
- http://www.securitytracker.com/id?1022241
- http://www.ubuntu.com/usn/USN-792-1
- http://www.vupen.com/english/advisories/2009/1377
- http://www.vupen.com/english/advisories/2010/0528
- https://kb.bluecoat.com/index?page=content&id=SA50
- https://launchpad.net/bugs/cve/2009-1378
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
- https://www.exploit-db.com/exploits/8720