CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Openssl: >> Openssl >> 0.9.8k Security Vulnerabilities

CVE-2009-1377

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

CVSS Score

5.0

EPSS Score

0.035

Published

2009-05-19

CVE-2009-1378

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

CVSS Score

5.0

EPSS Score

0.124

Published

2009-05-19

Page 9

Vulnerabilities

Vulnerable Software

Openssl: >> Openssl >> 0.9.8k Security Vulnerabilities

Products

Pricing

Contact Us