Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Resource Management Errors Vulnerability (CVE-2009-4355)

Description

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Remediation

References

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26083)

WordPress Plugin Infographic Maker-iList Unspecified Vulnerability (2.7.0)

Internet Information Services Integer Overflow or Wraparound Vulnerability (CVE-2008-1446)

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)

Severity

Medium

Classification

CVE-2009-4355

Tags

Missing Update Known Vulnerabilities