CVE ID:	CVE-2009-1378
Description:	Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Test IDs:	1.3.6.1.4.1.25623.1.0.64246   1.3.6.1.4.1.25623.1.0.64247   1.3.6.1.4.1.25623.1.0.64118   1.3.6.1.4.1.25623.1.0.64248   1.3.6.1.4.1.25623.1.0.122445
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1378 1022241 http://www.securitytracker.com/id?1022241 35001 http://www.securityfocus.com/bid/35001 35128 http://secunia.com/advisories/35128 35416 http://secunia.com/advisories/35416 35461 http://secunia.com/advisories/35461 35571 http://secunia.com/advisories/35571 35729 http://secunia.com/advisories/35729 36533 http://secunia.com/advisories/36533 37003 http://secunia.com/advisories/37003 38761 http://secunia.com/advisories/38761 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 8720 https://www.exploit-db.com/exploits/8720 ADV-2009-1377 http://www.vupen.com/english/advisories/2009/1377 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 MDVSA-2009:120 http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 NetBSD-SA2009-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc RHSA-2009:1335 http://www.redhat.com/support/errata/RHSA-2009-1335.html SSA:2010-060-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SSRT100079 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 SUSE-SR:2009:011 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html USN-792-1 http://www.ubuntu.com/usn/USN-792-1 [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124247679213944&w=2 [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124263491424212&w=2 [oss-security] 20090518 Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://cvs.openssl.org/chngview?cn=18188 http://cvs.openssl.org/chngview?cn=18188 http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html https://kb.bluecoat.com/index?page=content&id=SA50 https://kb.bluecoat.com/index?page=content&id=SA50 https://launchpad.net/bugs/cve/2009-1378 https://launchpad.net/bugs/cve/2009-1378 oval:org.mitre.oval:def:11309 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 oval:org.mitre.oval:def:7229 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229