5

CVE-2008-1678

Exploit
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
OpenSSLOpenSSL Version0.9.8h
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.29% 0.915
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/44183
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/34219
http://www.ubuntu.com/usn/USN-731-1
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://secunia.com/advisories/31026
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200807-06.xml
http://secunia.com/advisories/31416
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html
http://bugs.gentoo.org/show_bug.cgi?id=222643
http://marc.info/?l=openssl-dev&m=121060672602371&w=2
Exploit
http://secunia.com/advisories/35264
http://secunia.com/advisories/38761
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://securityreason.com/securityalert/3981
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
http://svn.apache.org/viewvc?view=rev&revision=654119
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://www.redhat.com/support/errata/RHSA-2009-1075.html
http://www.securityfocus.com/bid/31692
https://bugs.edge.launchpad.net/bugs/186339
https://bugs.edge.launchpad.net/bugs/224945
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=447268
https://exchange.xforce.ibmcloud.com/vulnerabilities/43948
https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
https://kb.bluecoat.com/index?page=content&id=SA50
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754