CVE-2008-1672

 

Published at: - 29-05-2008 06:32

Last modified: - 02-02-2022 04:03

Total changes: - 2

Description

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:N/A:P

 

Verification logic

 

Reference

• http://www.openssl.org/news/secadv_20080528.txt
• 29405-Patch, Third Party Advisory, VDB Entry
• 30405-Third Party Advisory
• USN-620-1-Third Party Advisory
• GLSA-200806-08-Third Party Advisory
• SSA:2008-210-08-Third Party Advisory
• VU#520586-Third Party Advisory, US Government Resource
• 30825-Third Party Advisory
• 31228-Third Party Advisory
• 31288-Third Party Advisory
• http://sourceforge.net/project/shownotes.php?release_id=615606
• 30868-Third Party Advisory
• 30460-Third Party Advisory
• FEDORA-2008-4723-Third Party Advisory
• 30852-Third Party Advisory
• http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
• ADV-2008-1937-Permissions Required, Third Party Advisory
• 1020122-Third Party Advisory, VDB Entry
• http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
• MDVSA-2008:107-Third Party Advisory
• ADV-2008-1680-Permissions Required, Third Party Advisory
• openssl-serverkey-dos(42667)-Third Party Advisory, VDB Entry
• 20080602 rPSA-2008-0181-1 openssl openssl-scripts-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2008-1672

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures