CVE-2009-1378

MEDIUM Year: 2009
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-401
View all →

Vulnerability Description

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Related Vulnerabilities

CVE-2019-17340

HIGH
CVSS:8.8(High)

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.

CWE-4012019

CVE-2019-6128

HIGH
CVSS:8.8(High)

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

CWE-4012019

CVE-2021-40633

HIGH
CVSS:8.8(High)

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

CWE-4012021

CVE-2023-33718

HIGH
CVSS:8.8(High)

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp

CWE-4012023

CVE-2021-1353

HIGH
CVSS:8.6(High)

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is d...

CWE-4012021

CVE-2021-1387

HIGH
CVSS:8.6(High)

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exis...

CWE-4012021