PT-2008-3226 · Openssl+2

Michael Chen · Published 2008-07-10 · Updated 2024-06-15 · CVE-2008-1678

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

OpenSSL versions 0.9.8f through 0.9.8h

Description

A memory leak in the zlib_stateful_init function in libssl allows remote attackers to cause a denial of service via multiple calls, such as initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

Recommendations

For versions 0.9.8f through 0.9.8h, consider updating to a version that fixes the memory leak in the zlib_stateful_init function to prevent denial-of-service attacks.

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2008-1678
DTSA-131-1
OPENSUSE-SU-2024:10623-1
RHSA-2009:1075
RHSA-2009_1075

Affected Products

Apache HTTP Server
OpenSSL
Red Hat