Summary
This host is running OpenSSL and is prone to multiple denial-of-service vulnerabilities.
Impact
Successful exploitation will allow an attacker to cause denial-of-service conditions, crash the client, and exhaust all memory.
Impact Level: System/Application
Solution
Apply patches or upgrade to the latest version.
For updates refer to http://www.slproweb.com/products/Win32OpenSSL.html
Insight
Multiple flaws are due to:
- The library does not limit the number of buffered DTLS records with a future epoch.
- An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages.
- A use-after-free error in the 'dtls1_retrieve_buffered_fragment()' function can be exploited to cause a crash in a client context.
Affected
OpenSSL version 0.9.8 to version 0.9.8k on Windows.
OpenSSL version 1.0.0 Beta2 and prior on Windows.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)