CVE-2008-0891 | Vulnerability Database | Aqua Security

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8f (including)	0.9.8f (including)
Openssl	Openssl	0.9.8g (including)	0.9.8g (including)
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	hardy	*
Openssl	Ubuntu	upstream	*

References

http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
http://secunia.com/advisories/30405
http://secunia.com/advisories/30460
http://secunia.com/advisories/30825
http://secunia.com/advisories/30852
http://secunia.com/advisories/30868
http://secunia.com/advisories/31228
http://secunia.com/advisories/31288
http://security.gentoo.org/glsa/glsa-200806-08.xml
http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.562004
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738400
http://www.kb.cert.org/vuls/id/661475
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
http://www.openssl.org/news/secadv_20080528.txt
http://www.securityfocus.com/bid/29405
http://www.securitytracker.com/id?1020121
http://www.ubuntu.com/usn/usn-620-1
http://www.vupen.com/english/advisories/2008/1680
http://www.vupen.com/english/advisories/2008/1937/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0891
CWE	https://cwe.mitre.org/data/definitions/189.html