Description

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Remediation

References

CVE-2008-1672

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.25)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2601)

WordPress Plugin DELUCKS SEO Unspecified Vulnerability (1.2.2)

Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-14240)

Severity

Medium

Classification

CVE-2008-1672 CWE-476

Tags

Missing Update Known Vulnerabilities