CVE-2008-0891

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-0891
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
http://secunia.com/advisories/30405 Vendor Advisory
http://secunia.com/advisories/30460
http://secunia.com/advisories/30825
http://secunia.com/advisories/30852
http://secunia.com/advisories/30868
http://secunia.com/advisories/31228
http://secunia.com/advisories/31288
http://security.gentoo.org/glsa/glsa-200806-08.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
http://www.kb.cert.org/vuls/id/661475 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
http://www.openssl.org/news/secadv_20080528.txt
http://www.securityfocus.com/bid/29405 Patch
http://www.securitytracker.com/id?1020121
http://www.ubuntu.com/usn/usn-620-1
http://www.vupen.com/english/advisories/2008/1680
http://www.vupen.com/english/advisories/2008/1937/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
History

07 Nov 2023, 02:01

Type Values Removed Values Added
Summary Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

13 Feb 2023, 02:18

Type Values Removed Values Added
Summary Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
Information

Published : 2008-05-29 16:32

Updated : 2023-12-10 10:51

NVD link : CVE-2008-0891

Mitre link : CVE-2008-0891

CVE.ORG link : CVE-2008-0891

JSON object : View

Products Affected

openssl

  • openssl
CWE
CWE-189

Numeric Errors