CVE-2009-1386 (retired)

Priority
Description
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a
denial of service (NULL pointer dereference and daemon crash) via a DTLS
ChangeCipherSpec packet that occurs before ClientHello.
Notes
 mdeslaur> PoC: http://www.milw0rm.com/exploits/8873
Package
Upstream:released (0.9.8i)
Patches:
Upstream:http://cvs.openssl.org/chngview?cn=17369
More Information

Updated: 2019-08-23 08:35:48 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)