PT-2008-1123 · Openssl · Openssl
Published: 2008-05-29 · Updated: 2024-06-15 · CVE-2008-1672
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.8f through 0.9.8g
Description
The issue allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. This can disrupt the availability of protected information.
Recommendations
For versions 0.9.8f and 0.9.8g, update to a version newer than 0.9.8g to resolve the issue. As a temporary workaround, consider restricting the use of particular cipher suites in TLS handshakes to minimize the risk of exploitation.
Fix
DoS
NULL Pointer Dereference
Related Identifiers
Affected Products
Openssl