Description

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Remediation

References

CVE-2009-1386

Related Vulnerabilities

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (7.3.1)

WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)

Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1041)

WordPress Plugin WP Maintenance Mode & Site Under Construction Cross-Site Request Forgery (1.8.2)

Undertow Unchecked Return Value Vulnerability (CVE-2022-1319)

Severity

Medium

Classification

CVE-2009-1386 CWE-476

Tags

Missing Update Known Vulnerabilities