CVE-2009-4355
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Affected products
n/a · n/a
References
http://cvs.openssl.org/chngview?cn=19068
http://cvs.openssl.org/chngview?cn=19069
http://cvs.openssl.org/chngview?cn=19167
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://marc.info/?l=bugtraq&m=127128920008563&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=546707
http://secunia.com/advisories/38175
http://secunia.com/advisories/38181
http://secunia.com/advisories/38200
http://secunia.com/advisories/38761