CVE-2009-1378

N/A Unknown
Published: May 19, 2009 Modified: April 23, 2026

Description

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

References to Advisories, Solutions, and Tools

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
Source: secalert@redhat.com
Broken Link Third Party Advisory
http://cvs.openssl.org/chngview?cn=18188
Source: secalert@redhat.com
Broken Link Patch Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
Source: secalert@redhat.com
Broken Link Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Source: secalert@redhat.com
Third Party Advisory
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
Source: secalert@redhat.com
Mailing List Patch Third Party Advisory
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
Source: secalert@redhat.com
Exploit Mailing List Third Party Advisory
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Source: secalert@redhat.com
Broken Link Third Party Advisory
http://secunia.com/advisories/35128
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/35416
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/35461
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/35571
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/35729
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/36533
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/37003
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/38761
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/38794
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/38834
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/42724
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://secunia.com/advisories/42733
Source: secalert@redhat.com
Not Applicable Third Party Advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml
Source: secalert@redhat.com
Third Party Advisory
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
Source: secalert@redhat.com
Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/05/18/1
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1335.html
Source: secalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/35001
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022241
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-792-1
Source: secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1377
Source: secalert@redhat.com
Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528
Source: secalert@redhat.com
Permissions Required Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA50
Source: secalert@redhat.com
Broken Link
https://launchpad.net/bugs/cve/2009-1378
Source: secalert@redhat.com
Third Party Advisory
https://www.exploit-db.com/exploits/8720
Source: secalert@redhat.com
Exploit Third Party Advisory VDB Entry
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
http://cvs.openssl.org/chngview?cn=18188
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Patch Third Party Advisory
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Mailing List Third Party Advisory
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
http://secunia.com/advisories/35128
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/35416
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/35461
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/35571
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/35729
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/36533
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/37003
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/38761
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/38794
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/38834
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/42724
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://secunia.com/advisories/42733
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Third Party Advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.openwall.com/lists/oss-security/2009/05/18/1
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1335.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/35001
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022241
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-792-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1377
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA50
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://launchpad.net/bugs/cve/2009-1378
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Tool Signature
https://www.exploit-db.com/exploits/8720
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry

74 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
13.2%
94th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

canonical openssl