Search for vulnerabilities
Vulnerability details: VCID-8ev4-wfhv-aaah
Vulnerability ID VCID-8ev4-wfhv-aaah
Aliases CVE-2008-0891
VC-OPENSSL-20080528-CVE-2008-0891
Summary Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12826 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12945 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12945 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.12945 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.13357 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
epss 0.2067 https://api.first.org/data/v1/epss?cve=CVE-2008-0891
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=448492
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-0891
Reference id Reference type URL
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0891.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
http://secunia.com/advisories/30405
http://secunia.com/advisories/30460
http://secunia.com/advisories/30825
http://secunia.com/advisories/30852
http://secunia.com/advisories/30868
http://secunia.com/advisories/31228
http://secunia.com/advisories/31288
http://security.gentoo.org/glsa/glsa-200806-08.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
https://www.openssl.org/news/secadv/20080528.txt
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
http://www.kb.cert.org/vuls/id/661475
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
http://www.openssl.org/news/secadv_20080528.txt
http://www.securityfocus.com/bid/29405
http://www.securitytracker.com/id?1020121
http://www.ubuntu.com/usn/usn-620-1
http://www.vupen.com/english/advisories/2008/1680
http://www.vupen.com/english/advisories/2008/1937/references
448492 https://bugzilla.redhat.com/show_bug.cgi?id=448492
483379 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483379
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
CVE-2008-0891 https://nvd.nist.gov/vuln/detail/CVE-2008-0891
GLSA-200806-08 https://security.gentoo.org/glsa/200806-08
USN-620-1 https://usn.ubuntu.com/620-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0891
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92559
EPSS Score 0.10511
Published At April 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.