Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | * | 0.9.8l (including) |
| Openssl | Openssl | 0.9.1c (including) | 0.9.1c (including) |
| Openssl | Openssl | 0.9.2b (including) | 0.9.2b (including) |
| Openssl | Openssl | 0.9.3 (including) | 0.9.3 (including) |
| Openssl | Openssl | 0.9.3a (including) | 0.9.3a (including) |
| Openssl | Openssl | 0.9.4 (including) | 0.9.4 (including) |
| Openssl | Openssl | 0.9.5 (including) | 0.9.5 (including) |
| Openssl | Openssl | 0.9.5-beta1 (including) | 0.9.5-beta1 (including) |
| Openssl | Openssl | 0.9.5-beta2 (including) | 0.9.5-beta2 (including) |
| Openssl | Openssl | 0.9.5a (including) | 0.9.5a (including) |
| Openssl | Openssl | 0.9.5a-beta1 (including) | 0.9.5a-beta1 (including) |
| Openssl | Openssl | 0.9.5a-beta2 (including) | 0.9.5a-beta2 (including) |
| Openssl | Openssl | 0.9.6 (including) | 0.9.6 (including) |
| Openssl | Openssl | 0.9.6-beta1 (including) | 0.9.6-beta1 (including) |
| Openssl | Openssl | 0.9.6-beta2 (including) | 0.9.6-beta2 (including) |
| Openssl | Openssl | 0.9.6-beta3 (including) | 0.9.6-beta3 (including) |
| Openssl | Openssl | 0.9.6a (including) | 0.9.6a (including) |
| Openssl | Openssl | 0.9.6a-beta1 (including) | 0.9.6a-beta1 (including) |
| Openssl | Openssl | 0.9.6a-beta2 (including) | 0.9.6a-beta2 (including) |
| Openssl | Openssl | 0.9.6a-beta3 (including) | 0.9.6a-beta3 (including) |
| Openssl | Openssl | 0.9.6b (including) | 0.9.6b (including) |
| Openssl | Openssl | 0.9.6c (including) | 0.9.6c (including) |
| Openssl | Openssl | 0.9.6d (including) | 0.9.6d (including) |
| Openssl | Openssl | 0.9.6e (including) | 0.9.6e (including) |
| Openssl | Openssl | 0.9.6f (including) | 0.9.6f (including) |
| Openssl | Openssl | 0.9.6g (including) | 0.9.6g (including) |
| Openssl | Openssl | 0.9.6h (including) | 0.9.6h (including) |
| Openssl | Openssl | 0.9.6i (including) | 0.9.6i (including) |
| Openssl | Openssl | 0.9.6j (including) | 0.9.6j (including) |
| Openssl | Openssl | 0.9.6k (including) | 0.9.6k (including) |
| Openssl | Openssl | 0.9.6l (including) | 0.9.6l (including) |
| Openssl | Openssl | 0.9.6m (including) | 0.9.6m (including) |
| Openssl | Openssl | 0.9.7 (including) | 0.9.7 (including) |
| Openssl | Openssl | 0.9.7-beta1 (including) | 0.9.7-beta1 (including) |
| Openssl | Openssl | 0.9.7-beta2 (including) | 0.9.7-beta2 (including) |
| Openssl | Openssl | 0.9.7-beta3 (including) | 0.9.7-beta3 (including) |
| Openssl | Openssl | 0.9.7-beta4 (including) | 0.9.7-beta4 (including) |
| Openssl | Openssl | 0.9.7-beta5 (including) | 0.9.7-beta5 (including) |
| Openssl | Openssl | 0.9.7-beta6 (including) | 0.9.7-beta6 (including) |
| Openssl | Openssl | 0.9.7a (including) | 0.9.7a (including) |
| Openssl | Openssl | 0.9.7b (including) | 0.9.7b (including) |
| Openssl | Openssl | 0.9.7c (including) | 0.9.7c (including) |
| Openssl | Openssl | 0.9.7d (including) | 0.9.7d (including) |
| Openssl | Openssl | 0.9.7e (including) | 0.9.7e (including) |
| Openssl | Openssl | 0.9.7f (including) | 0.9.7f (including) |
| Openssl | Openssl | 0.9.7g (including) | 0.9.7g (including) |
| Openssl | Openssl | 0.9.7h (including) | 0.9.7h (including) |
| Openssl | Openssl | 0.9.7i (including) | 0.9.7i (including) |
| Openssl | Openssl | 0.9.7j (including) | 0.9.7j (including) |
| Openssl | Openssl | 0.9.7k (including) | 0.9.7k (including) |
| Openssl | Openssl | 0.9.7l (including) | 0.9.7l (including) |
| Openssl | Openssl | 0.9.7m (including) | 0.9.7m (including) |
| Openssl | Openssl | 0.9.8 (including) | 0.9.8 (including) |
| Openssl | Openssl | 0.9.8a (including) | 0.9.8a (including) |
| Openssl | Openssl | 0.9.8b (including) | 0.9.8b (including) |
| Openssl | Openssl | 0.9.8c (including) | 0.9.8c (including) |
| Openssl | Openssl | 0.9.8d (including) | 0.9.8d (including) |
| Openssl | Openssl | 0.9.8e (including) | 0.9.8e (including) |
| Openssl | Openssl | 0.9.8f (including) | 0.9.8f (including) |
| Openssl | Openssl | 0.9.8g (including) | 0.9.8g (including) |
| Openssl | Openssl | 0.9.8h (including) | 0.9.8h (including) |
| Openssl | Openssl | 0.9.8i (including) | 0.9.8i (including) |
| Openssl | Openssl | 0.9.8j (including) | 0.9.8j (including) |
| Openssl | Openssl | 0.9.8k (including) | 0.9.8k (including) |
| Openssl | Redhat | 0.9.6-15 (including) | 0.9.6-15 (including) |
| Openssl | Redhat | 0.9.6b-3 (including) | 0.9.6b-3 (including) |
| Openssl | Redhat | 0.9.7a-2 (including) | 0.9.7a-2 (including) |
| Openssl | Ubuntu | dapper | * |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | hardy | * |
| Openssl | Ubuntu | intrepid | * |
| Openssl | Ubuntu | jaunty | * |
| Openssl | Ubuntu | karmic | * |
| Red Hat Enterprise Linux 5 | RedHat | openssl-0:0.9.8e-12.el5_4.1 | * |