4.3

CVE-2008-0891

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.56% 0.904
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30852
http://www.vupen.com/english/advisories/2008/1937/references
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
http://secunia.com/advisories/30405
Vendor Advisory
http://secunia.com/advisories/30460
http://secunia.com/advisories/30825
http://secunia.com/advisories/30868
http://secunia.com/advisories/31228
http://secunia.com/advisories/31288
http://security.gentoo.org/glsa/glsa-200806-08.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
http://www.kb.cert.org/vuls/id/661475
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
http://www.openssl.org/news/secadv_20080528.txt
http://www.securityfocus.com/bid/29405
Patch
http://www.securitytracker.com/id?1020121
http://www.ubuntu.com/usn/usn-620-1
http://www.vupen.com/english/advisories/2008/1680
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html