VulnerableCode Vulnerability Details - VCID-7w7a-ezwc-dub3

Search for vulnerabilities

Vulnerability details: VCID-7w7a-ezwc-dub3

Essentials
Severities (12)
References (8)
Severity details (0)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-7w7a-ezwc-dub3
Aliases	CVE-2009-1386
Summary
Status	Published
Exploitability	2.0
Weighted Severity	0.4
Risk	0.8
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-476

NULL Pointer Dereference

System	Score	Found at
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386
epss	0.43635	https://api.first.org/data/v1/epss?cve=CVE-2009-1386

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1386.json
		https://api.first.org/data/v1/epss?cve=CVE-2009-1386
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
503685		https://bugzilla.redhat.com/show_bug.cgi?id=503685
532037		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532037
OSVDB-55073;CVE-2009-1386	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8873.c
RHSA-2009:1335		https://access.redhat.com/errata/RHSA-2009:1335
USN-792-1		https://usn.ubuntu.com/792-1/

Data source	Exploit-DB
Date added	June 3, 2009
Description	OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
Ransomware campaign use	Known
Source publication date	June 4, 2009
Exploit type	dos
Platform	multiple

Data source	Metasploit
Description	This module performs a Denial of Service Attack against Datagram TLS in OpenSSL version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a ChangeCipherspec Datagram before a ClientHello.
Note	Stability: - crash-service-down SideEffects: [] Reliability: []
Ransomware campaign use	Unknown
Source publication date	April 26, 2000
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.97407
EPSS Score	0.43635
Published At	July 31, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:35:53.646421+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/792-1/	37.0.0