CVE-2008-0891

2008-05-29 18:32:00 2017-08-08 03:29:45

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

OpenSSL Project OpenSSL 0.9.8g OpenSSL Project OpenSSL 0.9.8f

Openssl - Openssl

Advisory	Patch	Confirmed	Link
			FEDORA-2008-4723
			openssl-servername-dos(42666)
			ADV-2008-1937
			ADV-2008-1680
			USN-620-1
			1020121
			29405
			http://www.openssl.org/news/secadv_20080528.txt
			VU#661475
			MDVSA-2008:107
			http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&i...
			http://sourceforge.net/project/shownotes.php?release_id=...
			SSA:2008-210-08
			GLSA-200806-08
			http://cert.fi/haavoittuvuudet/2008/advisory-openssl.htm...

CVE-2008-0891

2008-05-29 18:32:00 2017-08-08 03:29:45

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)