USN-792-1 -- openssl vulnerabilitiesID: oval:org.secpod.oval:def:700402 | Date: (C)2011-05-13 (M)2024-02-15 |
Class: PATCH | Family: unix |
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occured before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request
Platform: |
Ubuntu 8.04 |
Ubuntu 9.04 |
Ubuntu 6.06 |
Ubuntu 8.10 |