CVE - CVE-2009-4355

CVE-ID
CVE-2009-4355	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://cvs.openssl.org/chngview?cn=19068 CONFIRM:http://cvs.openssl.org/chngview?cn=19069 CONFIRM:http://cvs.openssl.org/chngview?cn=19167 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=546707 CONFIRM:https://issues.rpath.com/browse/RPL-3157 CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA50 DEBIAN:DSA-1970 URL:http://www.debian.org/security/2010/dsa-1970 FEDORA:FEDORA-2010-5357 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html FEDORA:FEDORA-2010-5744 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html HP:HPSBUX02517 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 HP:SSRT100058 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 MANDRIVA:MDVSA-2010:022 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:022~~ (Obsolete source) MLIST:[oss-security] 20100113 [PATCH] memory consumption (DoS) in openssl CVE-2009-4355 URL:http://www.openwall.com/lists/oss-security/2010/01/13/3 OVAL:oval:org.mitre.oval:def:11260 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260 OVAL:oval:org.mitre.oval:def:12168 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168 OVAL:oval:org.mitre.oval:def:6678 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678 REDHAT:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html SECUNIA:38175 URL:http://secunia.com/advisories/38175 SECUNIA:38181 URL:http://secunia.com/advisories/38181 SECUNIA:38200 URL:http://secunia.com/advisories/38200 SECUNIA:38761 URL:http://secunia.com/advisories/38761 SECUNIA:39461 URL:http://secunia.com/advisories/39461 SECUNIA:42724 URL:http://secunia.com/advisories/42724 SECUNIA:42733 URL:http://secunia.com/advisories/42733 SLACKWARE:SSA:2010-060-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SUSE:SUSE-SA:2010:008 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html UBUNTU:USN-884-1 URL:http://www.ubuntu.com/usn/USN-884-1 VUPEN:ADV-2010-0124 URL:~~http://www.vupen.com/english/advisories/2010/0124~~ (Obsolete source) VUPEN:ADV-2010-0839 URL:~~http://www.vupen.com/english/advisories/2010/0839~~ (Obsolete source) VUPEN:ADV-2010-0916 URL:~~http://www.vupen.com/english/advisories/2010/0916~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20091218	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091218)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)