Vulnerability details: VCID-cfsd-mafb-aaaq
Vulnerability ID VCID-cfsd-mafb-aaaq
Aliases CVE-2008-1672, VC-OPENSSL-20080528-CVE-2008-1672
Summary Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
System Score Found at
epss 0.04923 https://api.first.org/data/v1/epss?cve=CVE-2008-1672
epss 0.12382 https://api.first.org/data/v1/epss?cve=CVE-2008-1672
epss 0.21264 https://api.first.org/data/v1/epss?cve=CVE-2008-1672
epss 0.30577 https://api.first.org/data/v1/epss?cve=CVE-2008-1672
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=448495
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-1672
Reference id Reference type URL
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1672.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
http://secunia.com/advisories/30405
http://secunia.com/advisories/30460
http://secunia.com/advisories/30825
http://secunia.com/advisories/30852
http://secunia.com/advisories/30868
http://secunia.com/advisories/31228
http://secunia.com/advisories/31288
http://security.gentoo.org/glsa/glsa-200806-08.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
https://www.openssl.org/news/secadv/20080528.txt
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
http://www.kb.cert.org/vuls/id/520586
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
http://www.openssl.org/news/secadv_20080528.txt
http://www.securityfocus.com/archive/1/492932/100/0/threaded
http://www.securityfocus.com/bid/29405
http://www.securitytracker.com/id?1020122
http://www.ubuntu.com/usn/usn-620-1
http://www.vupen.com/english/advisories/2008/1680
http://www.vupen.com/english/advisories/2008/1937/references
448495 https://bugzilla.redhat.com/show_bug.cgi?id=448495
483379 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483379
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
CVE-2008-1672 https://nvd.nist.gov/vuln/detail/CVE-2008-1672
GLSA-200806-08 https://security.gentoo.org/glsa/200806-08
USN-620-1 https://usn.ubuntu.com/620-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1672
Exploit Prediction Scoring System (EPSS)
Percentile 0.93005
EPSS Score 0.04923
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.