The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | 0.9.7 (including) | 0.9.7 (including) |
| Openssl | Openssl | 0.9.7a (including) | 0.9.7a (including) |
| Openssl | Openssl | 0.9.7b (including) | 0.9.7b (including) |
| Openssl | Openssl | 0.9.7c (including) | 0.9.7c (including) |
| Openssl | Openssl | 0.9.7d (including) | 0.9.7d (including) |
| Openssl | Openssl | 0.9.7e (including) | 0.9.7e (including) |
| Openssl | Openssl | 0.9.7f (including) | 0.9.7f (including) |
| Openssl | Openssl | 0.9.7g (including) | 0.9.7g (including) |
| Openssl | Openssl | 0.9.7h (including) | 0.9.7h (including) |
| Openssl | Openssl | 0.9.7i (including) | 0.9.7i (including) |
| Openssl | Openssl | 0.9.7j (including) | 0.9.7j (including) |
| Openssl | Openssl | 0.9.7k (including) | 0.9.7k (including) |
| Openssl | Openssl | 0.9.8 (including) | 0.9.8 (including) |
| Openssl | Openssl | 0.9.8a (including) | 0.9.8a (including) |
| Openssl | Openssl | 0.9.8b (including) | 0.9.8b (including) |
| Openssl | Openssl | 0.9.8c (including) | 0.9.8c (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | openssl-0:0.9.6b-46 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | openssl095a-0:0.9.5a-32 | * |
| Red Hat Enterprise Linux 2.1 | RedHat | openssl096-0:0.9.6-32 | * |
| Red Hat Enterprise Linux 3 | RedHat | openssl-0:0.9.7a-33.21 | * |
| Red Hat Enterprise Linux 3 | RedHat | openssl096b-0:0.9.6b-16.46 | * |
| Red Hat Enterprise Linux 4 | RedHat | openssl-0:0.9.7a-43.14 | * |
| Red Hat Enterprise Linux 4 | RedHat | openssl096b-0:0.9.6b-22.46 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn-solaris-bootstrap-0:5.0.2-3 | * |
| Red Hat Network Satellite Server v 4.2 | RedHat | rhn_solaris_bootstrap_5_0_2_3-0:1-0 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn-solaris-bootstrap-0:5.0.2-3 | * |
| Red Hat Network Satellite Server v 4.2 (RHEL3) | RedHat | rhn_solaris_bootstrap_5_0_2_3-0:1-0 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | rhn-solaris-bootstrap-0:5.0.2-3 | * |
| Red Hat Network Satellite Server v 5.0 | RedHat | rhn_solaris_bootstrap_5_0_2_3-0:1-0 | * |
| Red Hat Network Satellite Server v 5.1 | RedHat | rhn-solaris-bootstrap-0:5.1.1-3 | * |
| Red Hat Network Satellite Server v 5.1 | RedHat | rhn_solaris_bootstrap_5_1_1_3-0:1-0 | * |
| Openssl | Ubuntu | dapper | * |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | edgy | * |
| Openssl | Ubuntu | feisty | * |
| Openssl097 | Ubuntu | dapper | * |
| Openssl097 | Ubuntu | devel | * |
| Openssl097 | Ubuntu | edgy | * |
| Openssl097 | Ubuntu | feisty | * |