CVE-2009-4355

NONECVSS 0.0

0.0

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

🔗 References (60)

cve@mitrehttp://cvs.openssl.org/chngview?cn=19068
cve@mitrehttp://cvs.openssl.org/chngview?cn=19069
cve@mitrehttp://cvs.openssl.org/chngview?cn=19167
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
cve@mitrehttp://marc.info/?l=bugtraq&m=127128920008563&w=2
cve@mitrehttp://secunia.com/advisories/38175
cve@mitrehttp://secunia.com/advisories/38181
cve@mitrehttp://secunia.com/advisories/38200
cve@mitrehttp://secunia.com/advisories/38761
cve@mitrehttp://secunia.com/advisories/39461
cve@mitrehttp://secunia.com/advisories/42724
cve@mitrehttp://secunia.com/advisories/42733
cve@mitrehttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

Is Your Infrastructure Affected by CVE-2009-4355?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-4355

📅 Published

🔄 Last Modified

🔗 References (60)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-4355?