CVE-2008-0891

EPSS 11.3%

openssl - multiple vulnerabilities

Published: 5/29/2008Modified: 4/28/2026

Description

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

Affected packages (2)

Debian/opensslfrom 0, < 0.9.8g-10.1
Debian/opensslfrom 0, < 0.9.8g-10+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-0891