Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-0891

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-29 May, 2008 | 16:00
Updated At-07 Aug, 2024 | 08:01
Rejected At-
Credits

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:29 May, 2008 | 16:00
Updated At:07 Aug, 2024 | 08:01
Rejected At:
▼CVE Numbering Authority (CNA)

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
x_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
vendor-advisory
x_refsource_SLACKWARE
http://secunia.com/advisories/30852
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
vendor-advisory
x_refsource_FEDORA
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
vdb-entry
x_refsource_XF
http://secunia.com/advisories/30460
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30825
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1680
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1020121
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/usn-620-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/30868
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20080528.txt
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200806-08.xml
vendor-advisory
x_refsource_GENTOO
http://sourceforge.net/project/shownotes.php?release_id=615606
x_refsource_CONFIRM
http://secunia.com/advisories/31288
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30405
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/29405
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2008/1937/references
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31228
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
vendor-advisory
x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/661475
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Resource:
x_refsource_MISC
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://secunia.com/advisories/30852
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
Resource:
x_refsource_MISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/30460
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30825
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2008/1680
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1020121
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/usn-620-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/30868
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openssl.org/news/secadv_20080528.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-08.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=615606
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31288
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30405
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/29405
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2008/1937/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/31228
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.kb.cert.org/vuls/id/661475
Resource:
third-party-advisory
x_refsource_CERT-VN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
x_refsource_MISC
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://secunia.com/advisories/30852
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
x_refsource_MISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/30460
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30825
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2008/1680
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1020121
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/usn-620-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/30868
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openssl.org/news/secadv_20080528.txt
x_refsource_CONFIRM
x_transferred
http://security.gentoo.org/glsa/glsa-200806-08.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://sourceforge.net/project/shownotes.php?release_id=615606
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31288
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30405
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/29405
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2008/1937/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31228
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.kb.cert.org/vuls/id/661475
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://secunia.com/advisories/30852
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/30460
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30825
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1680
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020121
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-620-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/30868
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openssl.org/news/secadv_20080528.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-08.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=615606
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31288
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30405
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29405
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1937/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/31228
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/661475
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:29 May, 2008 | 16:32
Updated At:07 Nov, 2023 | 02:01

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches

OpenSSL
openssl
>>openssl>>0.9.8f
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.8g
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2008-05-30T00:00:00

Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References
HyperlinkSourceResource
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/30405secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30460secalert@redhat.com
N/A
http://secunia.com/advisories/30825secalert@redhat.com
N/A
http://secunia.com/advisories/30852secalert@redhat.com
N/A
http://secunia.com/advisories/30868secalert@redhat.com
N/A
http://secunia.com/advisories/31228secalert@redhat.com
N/A
http://secunia.com/advisories/31288secalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-200806-08.xmlsecalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004secalert@redhat.com
N/A
http://sourceforge.net/project/shownotes.php?release_id=615606secalert@redhat.com
N/A
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400secalert@redhat.com
N/A
http://www.kb.cert.org/vuls/id/661475secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107secalert@redhat.com
N/A
http://www.openssl.org/news/secadv_20080528.txtsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/29405secalert@redhat.com
Patch
http://www.securitytracker.com/id?1020121secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-620-1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/1680secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/1937/referencessecalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.htmlsecalert@redhat.com
N/A
Hyperlink: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30405
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/30460
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30825
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30852
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30868
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31228
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31288
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-08.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=615606
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/661475
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20080528.txt
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/29405
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1020121
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-620-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1680
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1937/references
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

52Records found

CVE-2007-3472
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-9.15% / 92.36%
||
7 Day CHG~0.00%
Published-28 Jun, 2007 | 18:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

Action-Not Available
Vendor-libgdn/a
Product-gd_graphics_libraryn/a
CWE ID-CWE-189
Not Available
CVE-2006-7230
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.48% / 84.68%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 19:00
Updated-07 Aug, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.

Action-Not Available
Vendor-pcren/a
Product-pcren/a
CWE ID-CWE-189
Not Available
  • Previous
  • 1
  • 2
  • Next
Details not found