ID CVE-2008-0891
Summary Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 29405
cert-vn VU#661475
confirm
fedora FEDORA-2008-4723
gentoo GLSA-200806-08
mandriva MDVSA-2008:107
misc
sectrack 1020121
secunia
  • 30405
  • 30460
  • 30825
  • 30852
  • 30868
  • 31228
  • 31288
slackware SSA:2008-210-08
ubuntu USN-620-1
vupen
  • ADV-2008-1680
  • ADV-2008-1937
xf openssl-servername-dos(42666)
statements via4
contributor Mark J Cox
lastmodified 2008-05-30
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 08-08-2017 - 01:29
Published 29-05-2008 - 16:32
Back to Top