{"api_version":"1","generated_at":"2026-04-22T23:29:25+00:00","cve":"CVE-2009-1379","urls":{"html":"https://cve.report/CVE-2009-1379","api":"https://cve.report/api/cve/CVE-2009-1379.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1379","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1379"},"summary":{"title":"CVE-2009-1379","description":"Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2009-05-19 19:30:00","updated_at":"2023-02-13 02:20:00"},"problem_types":["CWE-399"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2009/1377","name":"ADV-2009-1377","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kb.bluecoat.com/index?page=content&id=SA50","name":"https://kb.bluecoat.com/index?page=content&id=SA50","refsource":"CONFIRM","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=501572","name":"https://bugzilla.redhat.com/show_bug.cgi?id=501572","refsource":"MISC","tags":[],"title":"Bug 501572 – CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444","name":"HPSBMA02492","refsource":"HP","tags":[],"title":"HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access - c02029444 - \r\n\t\tHP Business Support Center","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html","name":"http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html","refsource":"CONFIRM","tags":[],"title":"VooDoo cIRCle security advisory 20091012-01","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35571","name":"35571","refsource":"SECUNIA","tags":[],"title":"Ubuntu update for openssl - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/42724","name":"42724","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2009/05/18/4","name":"[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS","refsource":"MLIST","tags":[],"title":"oss-security - Re: Two OpenSSL DTLS remote DoS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35461","name":"35461","refsource":"SECUNIA","tags":[],"title":"Fedora update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0528","name":"ADV-2010-0528","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50661","name":"openssl-dtls1retrievebufferedfragment-dos(50661)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744","name":"oval:org.mitre.oval:def:9744","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2009:1335","name":"https://access.redhat.com/errata/RHSA-2009:1335","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/42733","name":"42733","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net","name":"http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net","refsource":"CONFIRM","tags":[],"title":"Page not found\n    - SourceForge.net","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://security.gentoo.org/glsa/glsa-200912-01.xml","name":"GLSA-200912-01","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  OpenSSL: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://launchpad.net/bugs/cve/2009-1379","name":"https://launchpad.net/bugs/cve/2009-1379","refsource":"MISC","tags":[],"title":"CVE-2009-1379","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38761","name":"38761","refsource":"SECUNIA","tags":[],"title":"Slackware update for  openssl - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35416","name":"35416","refsource":"SECUNIA","tags":[],"title":"SUSE Update for Multiple Packages - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35729","name":"35729","refsource":"SECUNIA","tags":[],"title":"NetBSD update for openssl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc","name":"NetBSD-SA2009-009","refsource":"NETBSD","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1022241","name":"1022241","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - OpenSSL DTLS Processing Bugs Let Users Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2009-1379","name":"https://access.redhat.com/security/cve/CVE-2009-1379","refsource":"MISC","tags":[],"title":"access.redhat.com | CVE-2009-1379","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38794","name":"38794","refsource":"SECUNIA","tags":[],"title":"VMware vMA Update for Multiple Packages - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37003","name":"37003","refsource":"SECUNIA","tags":[],"title":"VooDoo cIRCle OpenSSL DTLS Denial of Service Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049","name":"SSA:2010-060-02","refsource":"SLACKWARE","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest","name":"http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest","refsource":"CONFIRM","tags":["Exploit"],"title":"#1923: dtls1_retrieve_buffered_fragment: Read from freed data structure","mime":"text/html","httpstatus":"500","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-1335.html","name":"RHSA-2009:1335","refsource":"REDHAT","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.vmware.com/pipermail/security-announce/2010/000082.html","name":"[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates","refsource":"MLIST","tags":[],"title":"[Security-announce] VMSA-2010-0004 ESX Service Console and vMA\tthird party updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-792-1","name":"USN-792-1","refsource":"UBUNTU","tags":[],"title":"USN-792-1: OpenSSL vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/35138","name":"35138","refsource":"BID","tags":[],"title":"OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/38834","name":"38834","refsource":"SECUNIA","tags":[],"title":"VMware ESX Server 4 Multiple Vulnerabilities - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848","name":"oval:org.mitre.oval:def:6848","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html","name":"SUSE-SR:2009:011","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:011","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36533","name":"36533","refsource":"SECUNIA","tags":[],"title":"Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1379","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1379","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1379","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.0","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1379","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.0","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2009-1379","organization":"Red Hat","lastmodified":"2009-09-02","contributor":"Tomas Hoger","statementText":"This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.","cve_year":"2009","cve_id":"1379","crc32":"0513f9da"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2009-1379","qid":"390284","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2009-1379","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://secunia.com/advisories/35729","refsource":"MISC","name":"http://secunia.com/advisories/35729"},{"url":"http://secunia.com/advisories/42724","refsource":"MISC","name":"http://secunia.com/advisories/42724"},{"url":"http://secunia.com/advisories/42733","refsource":"MISC","name":"http://secunia.com/advisories/42733"},{"url":"https://kb.bluecoat.com/index?page=content&id=SA50","refsource":"MISC","name":"https://kb.bluecoat.com/index?page=content&id=SA50"},{"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc","refsource":"MISC","name":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"},{"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444","refsource":"MISC","name":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"},{"url":"http://lists.vmware.com/pipermail/security-announce/2010/000082.html","refsource":"MISC","name":"http://lists.vmware.com/pipermail/security-announce/2010/000082.html"},{"url":"http://secunia.com/advisories/35416","refsource":"MISC","name":"http://secunia.com/advisories/35416"},{"url":"http://secunia.com/advisories/35461","refsource":"MISC","name":"http://secunia.com/advisories/35461"},{"url":"http://secunia.com/advisories/35571","refsource":"MISC","name":"http://secunia.com/advisories/35571"},{"url":"http://secunia.com/advisories/36533","refsource":"MISC","name":"http://secunia.com/advisories/36533"},{"url":"http://secunia.com/advisories/37003","refsource":"MISC","name":"http://secunia.com/advisories/37003"},{"url":"http://secunia.com/advisories/38761","refsource":"MISC","name":"http://secunia.com/advisories/38761"},{"url":"http://secunia.com/advisories/38794","refsource":"MISC","name":"http://secunia.com/advisories/38794"},{"url":"http://secunia.com/advisories/38834","refsource":"MISC","name":"http://secunia.com/advisories/38834"},{"url":"http://security.gentoo.org/glsa/glsa-200912-01.xml","refsource":"MISC","name":"http://security.gentoo.org/glsa/glsa-200912-01.xml"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049","refsource":"MISC","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049"},{"url":"http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net","refsource":"MISC","name":"http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"},{"url":"http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html","refsource":"MISC","name":"http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-1335.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2009-1335.html"},{"url":"http://www.securitytracker.com/id?1022241","refsource":"MISC","name":"http://www.securitytracker.com/id?1022241"},{"url":"http://www.ubuntu.com/usn/USN-792-1","refsource":"MISC","name":"http://www.ubuntu.com/usn/USN-792-1"},{"url":"http://www.vupen.com/english/advisories/2009/1377","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2009/1377"},{"url":"http://www.vupen.com/english/advisories/2010/0528","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2010/0528"},{"url":"http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest","refsource":"MISC","name":"http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest"},{"url":"http://www.openwall.com/lists/oss-security/2009/05/18/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2009/05/18/4"},{"url":"http://www.securityfocus.com/bid/35138","refsource":"MISC","name":"http://www.securityfocus.com/bid/35138"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50661","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50661"},{"url":"https://launchpad.net/bugs/cve/2009-1379","refsource":"MISC","name":"https://launchpad.net/bugs/cve/2009-1379"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744"}]}},"nvd":{"publishedDate":"2009-05-19 19:30:00","lastModifiedDate":"2023-02-13 02:20:00","problem_types":["CWE-399"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1379","Ordinal":"38081","Title":"CVE-2009-1379","CVE":"CVE-2009-1379","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1379","Ordinal":"1","NoteData":"Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.","Type":"Description","Title":null},{"CveYear":"2009","CveId":"1379","Ordinal":"2","NoteData":"2009-05-19","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"1379","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}