Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1379 — Use After Free in Openssl

CWE-399 CWE-416 — Use After Free8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

8.6%

top 7.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openssl Debian Openssl

Timeline

PublishedMay 19

Latest updateMay 3

Description

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.8k-1 (bookworm)

▶Debianopenssl/openssl< 0.9.8k-1+3

▶NVDopenssl/openssl1.0.0

🔴Vulnerability Details

GHSA

GHSA-4pw3-fcxf-f8gx: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both↗2022-05-03

▶

OSV

CVE-2009-1379: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both↗2009-05-19

▶

💥Exploits & PoCs

Exploit-DB

OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service↗2009-05-18

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2009-06-25

▶

Red Hat

OpenSSL: DTLS pointer use-after-free flaw (DoS)↗2009-05-11

▶

Debian

CVE-2009-1379: openssl - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in...↗2009

▶

💬Community

Bugzilla

CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)↗2009-05-19

▶