CVE-2008-1678
EPSS 9.0%apache2 - denial of service (memory leak in mod_ssl)
發布日:2008/7/10修改日:2026/4/28
也稱為:DEBIAN-CVE-2008-1678
描述
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
受影響套件(2)
- Debian/apache2from 0, < 2.2.8-4
- Debian/apache2from 0, < 2.2.8-4~lenny1