First published: Thu May 29 2008(Updated: )
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenSSL OpenSSL | =0.9.8g | |
OpenSSL OpenSSL | =0.9.8f | |
Canonical Ubuntu Linux | =8.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.