CVE-2009-4355

CWE-399CWE-401Memory Leak8 documents8 sources
Severity
5.0MEDIUM
EPSS
20.2%
top 4.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openssl OpensslRedhat Openssl
Timeline
PublishedJan 14
Latest updateMay 2

Description

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianopenssl< 0.9.8k-8+3
NVDopenssl/openssl0.9.8l+48
NVDredhat/openssl0.9.6-15, 0.9.6b-3, 0.9.7a-2+2

🔴Vulnerability Details

3
GHSA
GHSA-cg3r-vf2p-3f9h: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib2022-05-02
CVEList
CVE-2009-4355: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib2010-01-14
OSV
CVE-2009-4355: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib2010-01-14

📋Vendor Advisories

3
Ubuntu
OpenSSL vulnerability2010-01-14
Red Hat
openssl significant memory leak in certain SSLv3 requests (DoS)2010-01-13
Debian
CVE-2009-4355: openssl - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in Open...2009

💬Community

1
Bugzilla
CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS)2009-12-11
CVE-2009-4355 (MEDIUM CVSS 5) | Memory leak in the zlib_stateful_fi | cvebase.io