First published: Tue May 19 2009(Updated: )
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenSSL libcrypto | >=0.9.8<0.9.8m | |
OpenSSL libcrypto | =0.9.8b | |
OpenSSL libcrypto | =0.9.8c | |
OpenSSL libcrypto | =0.9.8e | |
OpenSSL libcrypto | =0.9.8g | |
OpenSSL libcrypto | =0.9.8k | |
OpenSSL libcrypto | =0.9.8d | |
OpenSSL libcrypto | =0.9.8j | |
OpenSSL libcrypto | =0.9.8a | |
OpenSSL libcrypto | =0.9.8i | |
OpenSSL libcrypto | =0.9.8f | |
OpenSSL libcrypto | =0.9.8h | |
OpenSSL libcrypto | <0.9.8 | |
OpenSSL libcrypto | =0.9.8 | |
OpenSSL libcrypto | =0.9.8-beta1 | |
OpenSSL libcrypto | =0.9.8-beta2 | |
OpenSSL libcrypto | =0.9.8-beta3 | |
OpenSSL libcrypto | =0.9.8-beta4 | |
OpenSSL libcrypto | =0.9.8-beta5 | |
OpenSSL libcrypto | =0.9.8-beta6 | |
OpenSSL libcrypto | =0.9.8c-1 | |
OpenSSL libcrypto | =0.9.8g-9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-1377 has a severity level that can lead to a denial of service due to memory consumption.
To fix CVE-2009-1377, you should upgrade to a later version of OpenSSL beyond 0.9.8m.
CVE-2009-1377 affects OpenSSL versions 0.9.8k and earlier, including earlier 0.9.8 versions.
Yes, CVE-2009-1377 can be exploited by remote attackers through a large series of DTLS records.
Exploiting CVE-2009-1377 can lead to a denial of service through excessive memory consumption.