CVE-2009-1379
Summary
| CVE | CVE-2009-1379 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-05-19 19:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | None |
| Integrity | None |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Slackware update for openssl - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc | af854a3a-2127-422b-91ae-364da2661108 | ftp.netbsd.org | |
| VooDoo cIRCle OpenSSL DTLS Denial of Service Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Ubuntu update for openssl - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Gentoo Linux Documentation -- OpenSSL: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| VMware vMA Update for Multiple Packages - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | slackware.com | |
| kb.bluecoat.com/index | af854a3a-2127-422b-91ae-364da2661108 | kb.bluecoat.com | |
| About Secunia Research \| Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| NetBSD update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| oss-security - Re: Two OpenSSL DTLS remote DoS | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| #1923: dtls1_retrieve_buffered_fragment: Read from freed data structure | af854a3a-2127-422b-91ae-364da2661108 | rt.openssl.org | Exploit |
| Page not found - SourceForge.net | af854a3a-2127-422b-91ae-364da2661108 | sourceforge.net | |
| Fedora update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| VooDoo cIRCle security advisory 20091012-01 | af854a3a-2127-422b-91ae-364da2661108 | voodoo-circle.sourceforge.net | |
| HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access - c02029444 - HP Business Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | |
| USN-792-1: OpenSSL vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| CVE-2009-1379 | af854a3a-2127-422b-91ae-364da2661108 | launchpad.net | |
| [Security-announce] VMSA-2010-0004 ESX Service Console and vMA third party updates | af854a3a-2127-422b-91ae-364da2661108 | lists.vmware.com | |
| VMware ESX Server 4 Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| SUSE Update for Multiple Packages - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| SecurityTracker.com Archives - OpenSSL DTLS Processing Bugs Let Users Deny Service | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| access.redhat.com \| CVE-2009-1379 | MITRE | access.redhat.com | |
| Bug 501572 – CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS) | MITRE | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2009-09-02 | Tomas Hoger | This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html. Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl. |
Legacy QID Mappings
- 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)