Description

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Remediation

References

CVE-2008-1672

Related Vulnerabilities

WordPress 4.4.x Arbitrary File Deletion Vulnerability (4.4 - 4.4.15)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)

Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593)

WordPress Plugin Virim PHP Object Injection (0.4)

Severity

Medium

Classification

CVE-2008-1672 CWE-476

Tags

Missing Update Known Vulnerabilities