New Search

OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability

oval:org.mitre.oval:def:7469

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 4.0
Class:
vulnerability
Reference(s):
  • CVE-2009-1386
Product(s):