CVE-2008-1678


General

Score: 5.0/10.0
Severity: Medium
Category: Resource Management Error
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2007-1858, CVE-2007-2691, CVE-2007-3385, CVE-2007-4850, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-5969, CVE-2007-6286, CVE-2007-6420, CVE-2008-0002, CVE-2008-0226, CVE-2008-0227, CVE-2008-0674, CVE-2008-1232, CVE-2008-1389, CVE-2008-1767, CVE-2008-1947, CVE-2008-2079, CVE-2008-2364, CVE-2008-2370, CVE-2008-2371, CVE-2008-2712, CVE-2008-2938, CVE-2008-3294, CVE-2008-3432, CVE-2008-3641, CVE-2008-3642, CVE-2008-3643, CVE-2008-3645, CVE-2008-3646, CVE-2008-3647, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, CVE-2008-4101, CVE-2008-4211, CVE-2008-4212, CVE-2008-4214, CVE-2008-4215, CVE-2008-5515, CVE-2009-1195, CVE-2009-3555, CVE-2010-2227, CVE-2011-0286

Published on 10/07/08 - Updated on 29/09/17

Description

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

Category: Resource Management Error

CWE-399 (Resource Management Errors)
Weaknesses in this category are related to improper management of system resources.

Security Notices

US National Vulnerability Database CVE-2008-1678
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-492, CERTA-2010-AVI-627, CERTA-2011-AVI-221
CentOS CESA-2009:1075
Red Hat RHSA-2009:1075
Renater 2008/VULN417, 2011/VULN335

Exploits

SecurityFocus BID-31692

Related technologies

Vendor: openssl
Product: openssl
