OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability

OpenSSL is prone to a remote denial-of-service vulnerability.

Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.

This issue affects OpenSSL 0.9.8f through 0.9.8h.

UPDATE (January 13, 2010): Initial fixes for this issue addressed the known attack vector, but failed to fix the underlying vulnerability. This issue can be exploited through other vectors. New fixes are available to resolve the underlying vulnerability.


 

Privacy Statement
Copyright 2010, SecurityFocus