FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- denial of service in DTLS implementation

Affected packages
0.9.8 <= openssl < 0.9.8k_1
0.9.8f <= linux-f10-openssl < 0.9.8m

Details

VuXML ID: 82b55df8-4d5a-11de-8811-0030843d3802
Discovery: 2009-05-18
Entry: 2009-05-30
Modified: 2014-04-10

Secunia reports:

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS.

The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS packets.

An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages.
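The first issue in the report above is a receive-side queue with no upper bound. The following C sketch is an added example, not code from OpenSSL, Secunia or the FreeBSD project; it shows the same queue with and without a cap. The names rec_queue, buffer_record, feed_records and the MAX_BUFFERED value of 100 are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BUFFERED 100            /* assumed cap for this example */

struct rec { struct rec *next; unsigned epoch; size_t len; unsigned char *data; };
struct rec_queue { struct rec *head, *tail; size_t count, limit; }; /* limit 0 = unbounded */

/* Queue a record that arrived for a future epoch.
 * Returns 1 if buffered, 0 if dropped, -1 on allocation failure. */
int buffer_record(struct rec_queue *q, unsigned cur_epoch, unsigned epoch,
                  const unsigned char *data, size_t len)
{
    if (epoch <= cur_epoch) return 0;                /* not a future-epoch record */
    if (q->limit && q->count >= q->limit) return 0;  /* the bound the report says was missing */
    struct rec *r = malloc(sizeof *r);
    if (!r) return -1;
    r->data = malloc(len ? len : 1);
    if (!r->data) { free(r); return -1; }
    memcpy(r->data, data, len);
    r->len = len; r->epoch = epoch; r->next = NULL;
    if (q->tail) q->tail->next = r; else q->head = r;
    q->tail = r;
    q->count++;
    return 1;
}

void queue_free(struct rec_queue *q)
{
    for (struct rec *r = q->head, *n; r; r = n) { n = r->next; free(r->data); free(r); }
    q->head = q->tail = NULL; q->count = 0;
}

/* Feed n constructed future-epoch records; return how many stayed in memory. */
size_t feed_records(size_t limit, size_t n)
{
    struct rec_queue q = { NULL, NULL, 0, limit };
    unsigned char payload[256];                      /* constructed sample payload */
    memset(payload, 0xAB, sizeof payload);
    for (size_t i = 0; i < n; i++)
        buffer_record(&q, 0, 1, payload, sizeof payload);
    size_t held = q.count;
    queue_free(&q);
    return held;
}

int main(void)
{
    printf("unbounded: %zu records held\n", feed_records(0, 10000));
    printf("capped:    %zu records held\n", feed_records(MAX_BUFFERED, 10000));
    return 0;
}
```

With limit 0 the memory held grows linearly with the number of records received; with the cap it stays constant no matter how many arrive.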

References

CVE Name: CVE-2009-1377
CVE Name: CVE-2009-1378
URL: http://secunia.com/advisories/35128/