CVE-2008-0891

Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.8f through 0.9.8g

Description A double free vulnerability in OpenSSL, when TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. This issue can be exploited remotely, potentially leading to disruption of protected information.

Recommendations For OpenSSL versions 0.9.8f and 0.9.8g, update to a version later than 0.9.8g to resolve the issue. As a temporary workaround, consider disabling TLS server name extensions until a patch is available.