Unrated severityNVD Advisory· Published Jul 10, 2008· Updated Jun 16, 2026
CVE-2008-1678
CVE-2008-1678
Description
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- (no CPE)range: 0.9.8f - 0.9.8h
Patches
Vulnerability mechanics
References
32- marc.infonvdExploit
- bugs.edge.launchpad.net/bugs/224945nvdExploit
- secunia.com/advisories/31026nvdVendor Advisory
- bugs.gentoo.org/show_bug.cginvd
- lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlnvd
- secunia.com/advisories/31416nvd
- secunia.com/advisories/32222nvd
- secunia.com/advisories/34219nvd
- secunia.com/advisories/35264nvd
- secunia.com/advisories/38761nvd
- secunia.com/advisories/42724nvd
- secunia.com/advisories/42733nvd
- secunia.com/advisories/44183nvd
- security.gentoo.org/glsa/glsa-200807-06.xmlnvd
- securityreason.com/securityalert/3981nvd
- slackware.com/security/viewer.phpnvd
- support.apple.com/kb/HT3216nvd
- svn.apache.org/viewvcnvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2009-1075.htmlnvd
- www.securityfocus.com/bid/31681nvd
- www.securityfocus.com/bid/31692nvd
- www.ubuntu.com/usn/USN-731-1nvd
- www.vupen.com/english/advisories/2008/2780nvd
- bugs.edge.launchpad.net/bugs/186339nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/43948nvd
- issues.apache.org/bugzilla/show_bug.cginvd
- kb.bluecoat.com/indexnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9754nvd
- www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.htmlnvd
News mentions
0No linked articles in our index yet.