CVE-2009-1378 (retired)

Priority
Description
Multiple memory leaks in the dtls1_process_out_of_seq_message function in
ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote
attackers to cause a denial of service (memory consumption) via DTLS
records that (1) are duplicates or (2) have sequence numbers much greater
than current sequence numbers, aka "DTLS fragment handling memory leak."
Notes
 mdeslaur> PoC: http://milw0rm.com/exploits/8720

Updated: 2019-03-26 11:47:47 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)