CVE-2008-1678

Severity

50%

Complexity

99%

Confidentiality

48%

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

OpenSSL Project OpenSSL

First reported 16 years ago

2008-07-10 17:41:00

Last updated 7 years ago

2017-09-29 01:30:00

Affected Software

OpenSSL Project OpenSSL 0.9.8f

0.9.8f

OpenSSL Project OpenSSL 0.9.8g

0.9.8g

OpenSSL Project OpenSSL 0.9.8h

0.9.8h

References

http://bugs.gentoo.org/show_bug.cgi?id=222643

APPLE-SA-2008-10-09

SUSE-SR:2008:024

[openssl-dev] 20080512 possible memory leak in zlib compression

Exploit

31026

Vendor Advisory

31416

32222

34219

35264

38761

42724

42733

44183

GLSA-200807-06

3981

SSA:2010-060-02

http://support.apple.com/kb/HT3216

http://svn.apache.org/viewvc?view=rev&revision=654119

MDVSA-2009:124

RHSA-2009:1075

31681

31692

USN-731-1

ADV-2008-2780

https://bugs.edge.launchpad.net/bugs/186339

https://bugs.edge.launchpad.net/bugs/224945

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=447268

openssl-libssl-dos(43948)

https://issues.apache.org/bugzilla/show_bug.cgi?id=44975

https://kb.bluecoat.com/index?page=content&id=SA50

oval:org.mitre.oval:def:9754

FEDORA-2008-6393

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.