Search for vulnerabilities
Vulnerability details: VCID-7w7a-ezwc-dub3
Vulnerability ID VCID-7w7a-ezwc-dub3
Aliases CVE-2009-1386
Summary
Status Published
Exploitability 2.0
Weighted Severity 0.4
Risk 0.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss 0.43635 https://api.first.org/data/v1/epss?cve=CVE-2009-1386
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1386.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
503685 https://bugzilla.redhat.com/show_bug.cgi?id=503685
532037 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532037
OSVDB-55073;CVE-2009-1386 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8873.c
RHSA-2009:1335 https://access.redhat.com/errata/RHSA-2009:1335
USN-792-1 https://usn.ubuntu.com/792-1/
Data source Metasploit
Description This module performs a Denial of Service Attack against Datagram TLS in OpenSSL version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a ChangeCipherspec Datagram before a ClientHello.
Note 
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date April 26, 2000
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb
Data source Exploit-DB
Date added June 3, 2009
Description OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
Ransomware campaign use Known
Source publication date June 4, 2009
Exploit type dos
Platform multiple
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.97407
EPSS Score 0.43635
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:53.646421+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/792-1/ 37.0.0