Description

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Remediation

References

CVE-2008-1672

Related Vulnerabilities

Microsoft SQL Server CVE-2023-23384 Vulnerability (CVE-2023-23384)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10152)

WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)

Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)

Oracle JRE CVE-2022-21366 Vulnerability (CVE-2022-21366)

Severity

Medium

Classification

CVE-2008-1672 CWE-476

Tags

Missing Update Known Vulnerabilities