Unrated severityNVD Advisory· Published Jun 4, 2009· Updated Apr 23, 2026

CVE-2009-1387

Description

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Affected products

OpenSSL Project/OpenSSL
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Range: >=0.9.8,<0.9.8m
Red Hat/OpenSSL3 versions
cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cvs.openssl.org/chngviewnvdBroken LinkPatchThird Party AdvisoryVendor Advisory
rt.openssl.org/Ticket/Display.htmlnvdBroken LinkPatchThird Party Advisory
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.ascnvdBroken LinkThird Party Advisory
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken LinkThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlnvdThird Party Advisory
lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/35571nvdThird Party Advisory
secunia.com/advisories/35685nvdThird Party Advisory
secunia.com/advisories/35729nvdThird Party Advisory
secunia.com/advisories/36533nvdThird Party Advisory
secunia.com/advisories/37003nvdThird Party Advisory
secunia.com/advisories/38794nvdThird Party Advisory
secunia.com/advisories/38834nvdThird Party Advisory
security.gentoo.org/glsa/glsa-200912-01.xmlnvdThird Party Advisory
voodoo-circle.sourceforge.net/sa/sa-20091012-01.htmlnvdThird Party Advisory
www.openwall.com/lists/oss-security/2009/06/02/1nvdMailing ListThird Party Advisory
www.redhat.com/support/errata/RHSA-2009-1335.htmlnvdThird Party Advisory
www.ubuntu.com/usn/USN-792-1nvdThird Party Advisory
www.vupen.com/english/advisories/2010/0528nvdPermissions RequiredThird Party Advisory
sourceforge.net/mailarchive/message.phpnvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740nvdTool Signature
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592nvdTool Signature

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000