DEBIAN-CVE-2009-1378
Advisory lineage: Upstream: 1, Downstream: 0
Published: 19 May 2009, 19:30
Last modified: 28 Apr 2026, 20:11
Vulnerability Summary
Overall Risk (default): minimal, 0/100
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
19 May 2009, 19:30: Published (vulnerability first disclosed)
28 Apr 2026, 20:11: Last Modified (vulnerability information updated)
Description
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Affected Systems
- debian • openssl: < 0.9.8k-1