CVE-2009-1387

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Published: 2009-06-04 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2009-1387 is rated Moderate Risk (50.1/100): CVSS Medium severity, with high exploitation likelihood (EPSS 10.25%, 95th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2009-1387

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 13.46% 10.25% -3.21%
2 2026-03-04 9.96% 13.46% +3.50%
3 2026-03-01 9.96%

Full EPSS history (48 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-1387

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2009-1387

OS Trackers for CVE-2009-1387

vendor priority summary link
debian low CVE-2009-1387 low priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2009-1387
gentoo normal CVE-2009-1387: 1 GLSA(s) (200912-01), 1 atom(s) (dev-libs/openssl); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-1387
redhat medium https://access.redhat.com/security/cve/CVE-2009-1387
suse medium CVE-2009-1387 severity moderate: SUSE including 164 source package names (compat-openssl098, libopenssl-1_0_0-devel, …), 379 product×package rows across 59 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (59 product lines)): Fixed 207, Known Not Affected 172. https://www.suse.com/security/cve/CVE-2009-1387/
ubuntu medium CVE-2009-1387 medium priority: Ubuntu including 1 source packages (openssl), 5 status rows across 5 suites (dapper, hardy, intrepid, jaunty, upstream): released 4, needs-triage 1. https://ubuntu.com/security/CVE-2009-1387

Affected software / configurations for CVE-2009-1387

Vendor Product Version Raw CPE
openssl openssl >= 0.9.8, < 0.9.8m cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
redhat openssl 0.9.6-15 cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*
redhat openssl 0.9.6b-3 cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*
redhat openssl 0.9.7a-2 cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*
canonical ubuntu_linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonical ubuntu_linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonical ubuntu_linux 8.10 cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
canonical ubuntu_linux 9.04 cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

References for CVE-2009-1387

URL Tags
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc Broken Link Third Party Advisory
http://cvs.openssl.org/chngview?cn=17958 Broken Link Patch Third Party Advisory Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 Broken Link Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Mailing List Third Party Advisory
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest Broken Link Patch Third Party Advisory
http://secunia.com/advisories/35571 Third Party Advisory
http://secunia.com/advisories/35685 Third Party Advisory
http://secunia.com/advisories/35729 Third Party Advisory
http://secunia.com/advisories/36533 Third Party Advisory
http://secunia.com/advisories/37003 Third Party Advisory
http://secunia.com/advisories/38794 Third Party Advisory
http://secunia.com/advisories/38834 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net Broken Link
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/06/02/1 Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1335.html Third Party Advisory
http://www.ubuntu.com/usn/USN-792-1 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528 Permissions Required Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 Tool Signature
cvelogic Threat Intelligence