Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Max CVSS: 5.0
EPSS Score: 13.24%
Published: 2008-07-10
Updated: 2023-02-13

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
Max CVSS: 4.3
EPSS Score: 4.71%
Published: 2008-05-29
Updated: 2022-02-02

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
Max CVSS: 4.3
EPSS Score: 13.22%
Published: 2008-05-29
Updated: 2023-02-13

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Max CVSS: 7.8
EPSS Score: 8.97%
Published: 2008-05-13
Updated: 2024-02-09

4 vulnerabilities found