CVE-2008-0227

Name of the Vulnerable Software and Affected Versions yaSSL versions 1.7.5 and earlier

Description The issue allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value. This triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

Recommendations For yaSSL versions 1.7.5 and earlier, consider restricting access to the HASHwithTransform::Update function until a patch is available. As a temporary workaround, avoid using large size values in Hello packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.