CVE-2009-1387

CWE-476NULL Pointer Dereference9 documents8 sources
Severity
5.0MEDIUM
EPSS
13.5%
top 5.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openssl OpensslCanonical Ubuntu LinuxRedhat Openssl
Timeline
PublishedJun 4
Latest updateMay 3

Description

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDopenssl/openssl0.9.80.9.8m
Debianopenssl< 0.9.8k-2+3
NVDredhat/openssl0.9.6-15, 0.9.6b-3, 0.9.7a-2+2

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04

Patches

Patch: cvs.openssl.orgPatch: rt.openssl.orgPatch: cvs.openssl.org

🔴Vulnerability Details

3
GHSA
GHSA-rf8c-7g59-3m3m: The dtls1_retrieve_buffered_fragment function in ssl/d1_both2022-05-03
OSV
CVE-2009-1387: The dtls1_retrieve_buffered_fragment function in ssl/d1_both2009-06-04
CVEList
CVE-2009-1387: The dtls1_retrieve_buffered_fragment function in ssl/d1_both2009-06-04

📋Vendor Advisories

3
Ubuntu
OpenSSL vulnerabilities2009-06-25
Red Hat
openssl: DTLS out-of-sequence message handling NULL deref DoS2009-06-02
Debian
CVE-2009-1387: openssl - The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before...2009

💬Community

1
Bugzilla
CVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL deref DoS2009-06-02
CVE-2009-1387 (MEDIUM CVSS 5) | The dtls1_retrieve_buffered_fragmen | cvebase.io