Description

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Remediation

References

CVE-2009-1386

Related Vulnerabilities

WordPress Plugin Email Templates HTML Injection (1.3)

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

OpenSSL Improper Authentication Vulnerability (CVE-2009-0591)

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12837)

Drupal Core 7.x Directory Traversal (7.0 - 7.66)

Severity

Medium

Classification

CVE-2009-1386 CWE-476

Tags

Missing Update Known Vulnerabilities