Vulnerability & Exploit Database

Back to search

OpenSSL CRYPTO_cleanup_all_ex_data denial of service (CVE-2008-1678)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) July 09, 2008 November 17, 2010 February 12, 2015

Description

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

http-openssl-0_9_8-upgrade-0_9_8_i

Related Vulnerabilities