CVE-2009-4355
openssl - denial of service
EPSS 20.2%
Description
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
How to fix CVE-2009-4355
To remediate CVE-2009-4355, upgrade the affected package to one of the fixed versions listed below (the "+lenny6" suffix denotes the Debian lenny build):
- Debian/openssl: upgrade to 0.9.8k-8 or later
- Debian/openssl (lenny): upgrade to 0.9.8g-15+lenny6 or later
Is CVE-2009-4355 being exploited?
Moderate — EPSS is 20.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/openssl: all versions from 0 up to, but not including, 0.9.8k-8
- Debian/openssl (lenny): all versions from 0 up to, but not including, 0.9.8g-15+lenny6