Michael Chen

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 0.9.8f through 0.9.8h **Description** A memory leak in the zlib stateful init function in libssl allows remote attackers to cause a denial of service via multiple calls, such as initial SSL client handshakes to the Apache HTTP Server mod ssl that specify a compression algorithm. **Recommendations** For versions 0.9.8f through 0.9.8h, consider updating to a version that fixes the memory leak issue in the zlib stateful init function to prevent denial of service attacks.