CVE-2009-1378

Priority
Description
Multiple memory leaks in the dtls1_process_out_of_seq_message function in
ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote
attackers to cause a denial of service (memory consumption) via DTLS
records that (1) are duplicates or (2) have sequence numbers much greater
than current sequence numbers, aka "DTLS fragment handling memory leak."
Notes
mdeslaur: PoC: http://milw0rm.com/exploits/8720

Updated: 2020-01-29 19:35:17 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)