CVE-2008-1678 - Secunia Advisories - Vulnerability Intelligence

Secunia Advisories

CVE Reference: CVE-2008-1678
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1678

Description: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43948 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html SAID Secunia Advisory: SA31026 Secunia Advisory: SA31416 Secunia Advisory: SA32222 MLIST http://marc.info/?l=openssl-dev&m=121060672602371&w=2 GENTOO http://security.gentoo.org/glsa/glsa-200807-06.xml FEDORA CONFIRM http://support.apple.com/kb/HT3216 http://svn.apache.org/viewvc?view=rev&revision=654119 http://bugs.gentoo.org/show_bug.cgi?id=222643 BID 31692 31681 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Return to the previous page.