VYPR
Unrated severity · NVD Advisory · Published May 19, 2009 · Updated Jun 16, 2026

CVE-2009-1378

Description

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Affected products

7
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (range: >0.9.8,<0.9.8m)
    • (no CPE) (range: <=0.9.8k)
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* (+ 3 more)
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
