Unrated severityNVD Advisory· Published May 19, 2009· Updated Apr 23, 2026
CVE-2009-1378
CVE-2009-1378
Description
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Affected products
5cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
37- cvs.openssl.org/chngviewnvdBroken LinkPatchVendor Advisory
- marc.infonvdMailing ListPatchThird Party Advisory
- marc.infonvdExploitMailing ListThird Party Advisory
- www.exploit-db.com/exploits/8720nvdExploitThird Party AdvisoryVDB Entry
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascnvdBroken LinkThird Party Advisory
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken LinkThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlnvdMailing ListThird Party Advisory
- lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvdThird Party Advisory
- rt.openssl.org/Ticket/Display.htmlnvdBroken LinkThird Party Advisory
- secunia.com/advisories/35128nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/35416nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/35461nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/35571nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/35729nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/36533nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/37003nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/38761nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/38794nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/38834nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/42724nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/42733nvdNot ApplicableThird Party Advisory
- security.gentoo.org/glsa/glsa-200912-01.xmlnvdThird Party Advisory
- slackware.com/security/viewer.phpnvdMailing ListThird Party Advisory
- voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2009/05/18/1nvdMailing ListThird Party Advisory
- www.redhat.com/support/errata/RHSA-2009-1335.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/35001nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-792-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/1377nvdPermissions RequiredThird Party Advisory
- www.vupen.com/english/advisories/2010/0528nvdPermissions RequiredThird Party Advisory
- launchpad.net/bugs/cve/2009-1378nvdThird Party Advisory
- sourceforge.net/mailarchive/message.phpnvdBroken Link
- www.mandriva.com/security/advisoriesnvdNot Applicable
- kb.bluecoat.com/indexnvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309nvdBroken LinkTool Signature
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229nvdBroken LinkTool Signature
News mentions
0No linked articles in our index yet.