OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
References
Configurations
History
02 Feb 2022, 15:03
Type | Values Removed | Values Added |
---|---|---|
First Time |
Canonical ubuntu Linux
Canonical Openssl Openssl openssl |
|
CWE | CWE-476 | |
CPE | cpe:2.3:a:openssl_project:openssl:0.9.8g:*:*:*:*:*:*:* |
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* |
References | (SECUNIA) http://secunia.com/advisories/30405 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/29405 - Patch, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/30852 - Third Party Advisory | |
References | (CONFIRM) http://www.openssl.org/news/secadv_20080528.txt - Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/30868 - Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html - Third Party Advisory | |
References | (CONFIRM) http://sourceforge.net/project/shownotes.php?release_id=615606 - Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/492932/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/31228 - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1937/references - Permissions Required, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31288 - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1680 - Permissions Required, Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/42667 - Third Party Advisory, VDB Entry | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-200806-08.xml - Third Party Advisory | |
References | (MISC) http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/30460 - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:107 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/usn-620-1 - Third Party Advisory | |
References | (MISC) http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400 - Third Party Advisory | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/520586 - Third Party Advisory, US Government Resource | |
References | (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1020122 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/30825 - Third Party Advisory |
Information
Published : 2008-05-29 16:32
Updated : 2023-12-10 10:51
NVD link : CVE-2008-1672
Mitre link : CVE-2008-1672
CVE.ORG link : CVE-2008-1672
JSON object : View
Products Affected
openssl
- openssl
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference