9.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.132 Low
EPSS
Percentile
95.5%
It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)
It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | libssl0.9.8 | <Β 0.9.8g-4ubuntu3.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libcrypto0.9.8-udeb | <Β 0.9.8g-4ubuntu3.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl-dev | <Β 0.9.8g-4ubuntu3.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8-dbg | <Β 0.9.8g-4ubuntu3.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | openssl | <Β 0.9.8g-4ubuntu3.3 | UNKNOWN |