CVE-2008-0891
Published: 29 May 2008
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
kees | I don't think we're compile with this option at all? |
jdstrand | tlsext not enabled until 0.9.8g-5, so this is negligible on hardy |