Unrated severityNVD Advisory· Published Jun 4, 2009· Updated Apr 23, 2026

CVE-2009-1386

Description

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Affected products

OpenSSL Project/OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Range: >0.9.8,<0.9.8i
Red Hat/OpenSSL3 versions
cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cvs.openssl.org/chngviewnvdBroken LinkPatchThird Party Advisory
www.securityfocus.com/bid/35174nvdBroken LinkExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/8873nvdExploitThird Party AdvisoryVDB Entry
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascnvdBroken LinkThird Party Advisory
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken LinkThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlnvdThird Party Advisory
lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvdMailing ListThird Party Advisory
rt.openssl.org/Ticket/Display.htmlnvdThird Party AdvisoryVendor Advisory
secunia.com/advisories/35571nvdNot ApplicableThird Party Advisory
secunia.com/advisories/35685nvdNot ApplicableThird Party Advisory
secunia.com/advisories/35729nvdNot ApplicableThird Party Advisory
secunia.com/advisories/36533nvdNot ApplicableThird Party Advisory
secunia.com/advisories/38794nvdNot ApplicableThird Party Advisory
secunia.com/advisories/38834nvdThird Party Advisory
www.openwall.com/lists/oss-security/2009/06/02/1nvdMailing ListThird Party Advisory
www.redhat.com/support/errata/RHSA-2009-1335.htmlnvdThird Party Advisory
www.ubuntu.com/usn/USN-792-1nvdThird Party Advisory
www.vupen.com/english/advisories/2010/0528nvdPermissions RequiredThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/50963nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179nvdBroken LinkTool Signature
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469nvdBroken LinkTool Signature

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.038
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000