CVE-2009-4355

Severity

50%

Complexity

99%

Confidentiality

48%

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 15 years ago

2010-01-14 19:30:00

Last updated 7 years ago

2017-09-19 01:29:00

Affected Software

OpenSSL Project OpenSSL 0.9.1c

0.9.1c

OpenSSL Project OpenSSL 0.9.2b

0.9.2b

OpenSSL Project OpenSSL 0.9.3

0.9.3

OpenSSL Project OpenSSL 0.9.3a

0.9.3a

OpenSSL Project OpenSSL 0.9.4

0.9.4

OpenSSL Project OpenSSL 0.9.5

0.9.5

OpenSSL Project OpenSSL 0.9.5 Beta1

0.9.5

OpenSSL Project OpenSSL 0.9.5 Beta2

0.9.5

OpenSSL Project OpenSSL 0.9.5a

0.9.5a

OpenSSL Project OpenSSL 0.9.5a Beta1

0.9.5a

OpenSSL Project OpenSSL 0.9.5a Beta2

0.9.5a

OpenSSL Project OpenSSL 0.9.6

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta1

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta2

0.9.6

OpenSSL Project OpenSSL 0.9.6 Beta3

0.9.6

OpenSSL Project OpenSSL 0.9.6a

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta1

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta2

0.9.6a

OpenSSL Project OpenSSL 0.9.6a Beta3

0.9.6a

OpenSSL Project OpenSSL 0.9.6b

0.9.6b

OpenSSL Project OpenSSL 0.9.6c

0.9.6c

OpenSSL Project OpenSSL 0.9.6d

0.9.6d

OpenSSL Project OpenSSL 0.9.6e

0.9.6e

OpenSSL Project OpenSSL 0.9.6f

0.9.6f

OpenSSL Project OpenSSL 0.9.6g

0.9.6g

OpenSSL Project OpenSSL 0.9.6h

0.9.6h

OpenSSL Project OpenSSL 0.9.6i

0.9.6i

OpenSSL Project OpenSSL 0.9.6j

0.9.6j

OpenSSL Project OpenSSL 0.9.6k

0.9.6k

OpenSSL Project OpenSSL 0.9.6l

0.9.6l

OpenSSL Project OpenSSL 0.9.6m

0.9.6m

OpenSSL Project OpenSSL 0.9.7

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta1

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta2

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta3

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta4

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta5

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta6

0.9.7

OpenSSL Project OpenSSL 0.9.7a

0.9.7a

OpenSSL Project OpenSSL 0.9.7b

0.9.7b

OpenSSL Project OpenSSL 0.9.7c

0.9.7c

OpenSSL Project OpenSSL 0.9.7d

0.9.7d

OpenSSL Project OpenSSL 0.9.7e

0.9.7e

OpenSSL Project OpenSSL 0.9.7f

0.9.7f

OpenSSL Project OpenSSL 0.9.7g

0.9.7g

OpenSSL Project OpenSSL 0.9.7h

0.9.7h

OpenSSL Project OpenSSL 0.9.7i

0.9.7i

OpenSSL Project OpenSSL 0.9.7j

0.9.7j

OpenSSL Project OpenSSL 0.9.7k

0.9.7k

OpenSSL Project OpenSSL 0.9.7l

0.9.7l

OpenSSL Project OpenSSL 0.9.7m

0.9.7m

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 0.9.8a

0.9.8a

OpenSSL Project OpenSSL 0.9.8b

0.9.8b

OpenSSL Project OpenSSL 0.9.8c

0.9.8c

OpenSSL Project OpenSSL 0.9.8d

0.9.8d

OpenSSL Project OpenSSL 0.9.8e

0.9.8e

OpenSSL Project OpenSSL 0.9.8f

0.9.8f

OpenSSL Project OpenSSL 0.9.8g

0.9.8g

OpenSSL Project OpenSSL 0.9.8h

0.9.8h

OpenSSL Project OpenSSL 0.9.8i

0.9.8i

OpenSSL Project OpenSSL 0.9.8j

0.9.8j

OpenSSL Project OpenSSL 0.9.8k

0.9.8k

OpenSSL Project OpenSSL

Red Hat openssl 0.9.6.15

0.9.6-15

Red Hat openssl 0.9.6b3

0.9.6b-3

Red Hat openssl 0.9.7a2

0.9.7a-2

OpenSSL Project OpenSSL 1.0.0 Beta1

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta2

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta3

1.0.0

OpenSSL Project OpenSSL 1.0.0 Beta4

1.0.0

References

http://cvs.openssl.org/chngview?cn=19068

http://cvs.openssl.org/chngview?cn=19069

http://cvs.openssl.org/chngview?cn=19167

FEDORA-2010-5744

FEDORA-2010-5357

SUSE-SA:2010:008

SSRT100058

38175

Vendor Advisory

38181

Vendor Advisory

38200

Vendor Advisory

38761

39461

42724

42733

SSA:2010-060-02

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004

DSA-1970

MDVSA-2010:022

[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355

USN-884-1

Vendor Advisory

ADV-2010-0124

Vendor Advisory

ADV-2010-0839

ADV-2010-0916

https://bugzilla.redhat.com/show_bug.cgi?id=546707

https://issues.rpath.com/browse/RPL-3157

https://kb.bluecoat.com/index?page=content&id=SA50

oval:org.mitre.oval:def:11260

oval:org.mitre.oval:def:12168

oval:org.mitre.oval:def:6678

RHSA-2010:0095

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.