CVE-2009-1379

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8l-r2 OpenSSL version 1.0.0 Beta 2

Description The issue is related to a use-after-free vulnerability in the dtls1 retrieve buffered fragment function, which can be exploited by remote attackers via a crafted DTLS packet, potentially leading to a denial of service. Multiple vulnerabilities in the OpenSSL package may compromise the integrity and availability of protected information, with exploitation possible remotely.

Recommendations For OpenSSL version 1.0.0 Beta 2, consider updating to a version that fixes the use-after-free vulnerability in the dtls1 retrieve buffered fragment function. For OpenSSL versions prior to 0.9.8l-r2, update to version 0.9.8l-r2 or later to address the multiple vulnerabilities. As a temporary workaround, consider restricting access to DTLS packets from untrusted sources to minimize the risk of exploitation.