Vulnerability-Lookup

CVE-2009-1379 (GCVE-0-2009-1379)

Vulnerability from cvelistv5 – Published: 2009-05-19 19:00 – Updated: 2024-08-07 05:13

Summary

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/42724	third-party-advisoryx_refsource_SECUNIA
	https://launchpad.net/bugs/cve/2009-1379	x_refsource_MISC
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://secunia.com/advisories/38794	third-party-advisoryx_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2009/1377	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/35729	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200912-01.xml	vendor-advisoryx_refsource_GENTOO
	http://www.redhat.com/support/errata/RHSA-2009-13…	vendor-advisoryx_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/38761	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37003	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/36533	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1022241	vdb-entryx_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-792-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://voodoo-circle.sourceforge.net/sa/sa-200910…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/35138	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2009/05/18/4	mailing-listx_refsource_MLIST
	ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisoryx_refsource_NETBSD
	http://secunia.com/advisories/38834	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35461	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35571	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35416	third-party-advisoryx_refsource_SECUNIA
	http://sourceforge.net/mailarchive/message.php?ms…	x_refsource_CONFIRM
	https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
	http://rt.openssl.org/Ticket/Display.html?id=1923…	x_refsource_CONFIRM
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/42733	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0528	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1379"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "ADV-2009-1377",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1377"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "RHSA-2009:1335",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "HPSBMA02492",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "37003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "36533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "1022241",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022241"
          },
          {
            "name": "USN-792-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9744",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
          },
          {
            "name": "openssl-dtls1retrievebufferedfragment-dos(50661)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "35138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35138"
          },
          {
            "name": "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
          },
          {
            "name": "NetBSD-SA2009-009",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "35461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35461"
          },
          {
            "name": "35571",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "oval:org.mitre.oval:def:6848",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "SSRT100079",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1379"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "ADV-2009-1377",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1377"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "RHSA-2009:1335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
        },
        {
          "name": "HPSBMA02492",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "37003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37003"
        },
        {
          "name": "36533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36533"
        },
        {
          "name": "1022241",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022241"
        },
        {
          "name": "USN-792-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-792-1"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9744",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
        },
        {
          "name": "openssl-dtls1retrievebufferedfragment-dos(50661)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
        },
        {
          "name": "35138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35138"
        },
        {
          "name": "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
        },
        {
          "name": "NetBSD-SA2009-009",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "35461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35461"
        },
        {
          "name": "35571",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35571"
        },
        {
          "name": "oval:org.mitre.oval:def:6848",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "SSRT100079",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1379",
    "datePublished": "2009-05-19T19:00:00.000Z",
    "dateReserved": "2009-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:13:25.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-106

Vulnerability from certfr_avis - Published: 2010-03-04 - Updated: 2010-03-04

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vMA 4.0 sans le patch 3.
VMware	N/A	VMware ESX 3.0.3 ;
VMware	N/A	VMware ESX 3.5 ;
VMware	N/A	VMware ESX 2.5.5 ;
VMware	N/A	VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 03 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vMA 4.0 sans le patch 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 2.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2009-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2009-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
    },
    {
      "name": "CVE-2009-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2009-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2009-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
    },
    {
      "name": "CVE-2008-4316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2008-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
    },
    {
      "name": "CVE-2009-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
    },
    {
      "name": "CVE-2008-4552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
    },
    {
      "name": "CVE-2009-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
    },
    {
      "name": "CVE-2009-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2009-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
    },
    {
      "name": "CVE-2009-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
    },
    {
      "name": "CVE-2009-3726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
    }
  ],
  "initial_release_date": "2010-03-04T00:00:00",
  "last_revision_date": "2010-03-04T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    }
  ]
}

CERTA-2010-AVI-627

Vulnerability from certfr_avis - Published: 2010-12-23 - Updated: 2010-12-23

De nombreuses vulnérabilités, liées à l'utilisation de versions anciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus dommageables permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Solution

Pour la version 9, la révision 9.2.4.1 remédie à ces vulnérabilités. Le correctif de la version 8 n'est pas encore disponible.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat Reporter, versions 8.x et 9.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA50 du 19 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBlue Coat Reporter, versions 8.x et  9.x.\u003c/p\u003e",
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nPour la version 9, la r\u00e9vision 9.2.4.1 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s. Le\ncorrectif de la version 8 n\u0027est pas encore disponible.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-4355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4355"
    }
  ],
  "initial_release_date": "2010-12-23T00:00:00",
  "last_revision_date": "2010-12-23T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-627",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Blue Coat Reporter",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA50 du 19 novembre 2010",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA50"
    }
  ]
}

CERTA-2009-AVI-192

Vulnerability from certfr_avis - Published: 2009-05-19 - Updated: 2009-06-30

Deux vulnérabilités découvertes dans OpenSSL permettent à un utilisateur distant malintentionné de provoquer un déni de service.

Description

Deux vulnérabiliés causées par un manque de contrôle dans le traitement des enregistrements et messages de type DTLS (Datagram Transport Layer Security), peuvent être exploitées pour réaliser un déni de service par consommation de mémoire excessive.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL 0.9.x.

References

Title

Publication Time

Tags

Bulletins de sécurité OpenSSL #1838, #1923, #1930 et #1931	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-792-1 du 25 juin 2009 :	-	other
Site Internet de l'éditeur OpenSSL :	-	other
Bulletin de sécurité IBM du 29 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL 0.9.x.",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabili\u00e9s caus\u00e9es par un manque de contr\u00f4le dans le traitement\ndes enregistrements et messages de type DTLS (Datagram Transport Layer\nSecurity), peuvent \u00eatre exploit\u00e9es pour r\u00e9aliser un d\u00e9ni de service par\nconsommation de m\u00e9moire excessive.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2009-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    }
  ],
  "initial_release_date": "2009-05-19T00:00:00",
  "last_revision_date": "2009-06-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-792-1 du 25 juin 2009 :",
      "url": "https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-June/000923.html"
    },
    {
      "title": "Site Internet de l\u0027\u00e9diteur OpenSSL :",
      "url": "http://www.openssl.org/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 29 juin 2009 :",
      "url": "http://aix.software.ibm.com/aix/efixes/security/ssl_advisory.asc"
    }
  ],
  "reference": "CERTA-2009-AVI-192",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-19T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9s OpenSSL, IBM, Ubuntu et aux CVE.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans OpenSSL permettent \u00e0 un utilisateur\ndistant malintentionn\u00e9 de provoquer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 OpenSSL #1838, #1923, #1930 et #1931",
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1931"
    }
  ]
}

GHSA-4PW3-FCXF-F8GX

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1379"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-19T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.",
  "id": "GHSA-4pw3-fcxf-f8gx",
  "modified": "2022-05-03T03:20:26Z",
  "published": "2022-05-03T03:20:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1379"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
    },
    {
      "type": "WEB",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/cve/2009-1379"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35461"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38761"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "type": "WEB",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35138"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022241"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1377"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-1379

Vulnerability from fkie_nvd - Published: 2009-05-19 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
secalert@redhat.com	http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest	Exploit
secalert@redhat.com	http://secunia.com/advisories/35416
secalert@redhat.com	http://secunia.com/advisories/35461
secalert@redhat.com	http://secunia.com/advisories/35571
secalert@redhat.com	http://secunia.com/advisories/35729
secalert@redhat.com	http://secunia.com/advisories/36533
secalert@redhat.com	http://secunia.com/advisories/37003
secalert@redhat.com	http://secunia.com/advisories/38761
secalert@redhat.com	http://secunia.com/advisories/38794
secalert@redhat.com	http://secunia.com/advisories/38834
secalert@redhat.com	http://secunia.com/advisories/42724
secalert@redhat.com	http://secunia.com/advisories/42733
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200912-01.xml
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
secalert@redhat.com	http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
secalert@redhat.com	http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2009/05/18/4
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1335.html
secalert@redhat.com	http://www.securityfocus.com/bid/35138
secalert@redhat.com	http://www.securitytracker.com/id?1022241
secalert@redhat.com	http://www.ubuntu.com/usn/USN-792-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1377
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0528
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/50661
secalert@redhat.com	https://kb.bluecoat.com/index?page=content&id=SA50
secalert@redhat.com	https://launchpad.net/bugs/cve/2009-1379
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
af854a3a-2127-422b-91ae-364da2661108	http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35416
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35461
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35571
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35729
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36533
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37003
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38761
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38794
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38834
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42724
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42733
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200912-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
af854a3a-2127-422b-91ae-364da2661108	http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/05/18/4
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1335.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35138
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022241
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-792-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1377
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0528
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/50661
af854a3a-2127-422b-91ae-364da2661108	https://kb.bluecoat.com/index?page=content&id=SA50
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.net/bugs/cve/2009-1379
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744

Impacted products

	Vendor	Product	Version
	openssl	openssl	1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en (use-after-free) en la funci\u00f3n dtls1_retrieve_buffered_fragment en ssl/d1_both.c en OpenSSL v1.0.0 Beta 2 permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de openssl s_client) a posiblemente tenga un impacto sin especificar a trav\u00e9s de un paquete DTLS, como se demostr\u00f3 mediante un paquete de un servidor que utiliza un certificado de servidor manipulado."
    }
  ],
  "id": "CVE-2009-1379",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-19T19:30:00.780",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35461"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38761"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/35138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1022241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1377"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/bugs/cve/2009-1379"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-792-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/cve/2009-1379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4.\n\nThis issue was addressed for Red Hat Enterprise Linux 5 \nby http://rhn.redhat.com/errata/RHSA-2009-1335.html\n\nNote that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments.  There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.\n",
      "lastModified": "2009-09-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-1379

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1379

Aliases

CVE-2009-1379

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1379",
    "description": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.",
    "id": "GSD-2009-1379",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1379.html",
      "https://access.redhat.com/errata/RHSA-2009:1335",
      "https://linux.oracle.com/cve/CVE-2009-1379.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1379"
      ],
      "details": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.",
      "id": "GSD-2009-1379",
      "modified": "2023-12-13T01:19:48.176552Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-1379",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/35729",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "http://secunia.com/advisories/42724",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "http://secunia.com/advisories/42733",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
            "refsource": "MISC",
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc",
            "refsource": "MISC",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
          },
          {
            "name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444",
            "refsource": "MISC",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
            "refsource": "MISC",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "http://secunia.com/advisories/35416",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "name": "http://secunia.com/advisories/35461",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35461"
          },
          {
            "name": "http://secunia.com/advisories/35571",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35571"
          },
          {
            "name": "http://secunia.com/advisories/36533",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36533"
          },
          {
            "name": "http://secunia.com/advisories/37003",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37003"
          },
          {
            "name": "http://secunia.com/advisories/38761",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "http://secunia.com/advisories/38794",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "http://secunia.com/advisories/38834",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200912-01.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
            "refsource": "MISC",
            "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
          },
          {
            "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
            "refsource": "MISC",
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1335.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
          },
          {
            "name": "http://www.securitytracker.com/id?1022241",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1022241"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-792-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-792-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1377",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1377"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0528",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "name": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest",
            "refsource": "MISC",
            "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2009/05/18/4",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
          },
          {
            "name": "http://www.securityfocus.com/bid/35138",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/35138"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
          },
          {
            "name": "https://launchpad.net/bugs/cve/2009-1379",
            "refsource": "MISC",
            "url": "https://launchpad.net/bugs/cve/2009-1379"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-1379"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://rt.openssl.org/Ticket/Display.html?id=1923\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4"
            },
            {
              "name": "https://launchpad.net/bugs/cve/2009-1379",
              "refsource": "MISC",
              "tags": [],
              "url": "https://launchpad.net/bugs/cve/2009-1379"
            },
            {
              "name": "1022241",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022241"
            },
            {
              "name": "ADV-2009-1377",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1377"
            },
            {
              "name": "35138",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35138"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "35461",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35461"
            },
            {
              "name": "USN-792-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-792-1"
            },
            {
              "name": "35571",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35571"
            },
            {
              "name": "35729",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35729"
            },
            {
              "name": "NetBSD-SA2009-009",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
            },
            {
              "name": "37003",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37003"
            },
            {
              "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
            },
            {
              "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
            },
            {
              "name": "GLSA-200912-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
            },
            {
              "name": "SSA:2010-060-02",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
            },
            {
              "name": "38761",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38761"
            },
            {
              "name": "HPSBMA02492",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
            },
            {
              "name": "38794",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "ADV-2010-0528",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "38834",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "RHSA-2009:1335",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
            },
            {
              "name": "36533",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36533"
            },
            {
              "name": "openssl-dtls1retrievebufferedfragment-dos(50661)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"
            },
            {
              "name": "oval:org.mitre.oval:def:9744",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"
            },
            {
              "name": "oval:org.mitre.oval:def:6848",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:20Z",
      "publishedDate": "2009-05-19T19:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1379 (GCVE-0-2009-1379)

CERTA-2010-AVI-106

Description

Solution

CERTA-2010-AVI-627

Description

Solution

CERTA-2009-AVI-192

Description

Solution

GHSA-4PW3-FCXF-F8GX

FKIE_CVE-2009-1379

GSD-2009-1379

Tags

Sightings

Nomenclature