Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f up to and including 0.9.8h allows remote malicious users to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 0.9.8g |
||
openssl openssl 0.9.8f |
||
openssl openssl 0.9.8h |