CVE-2008-7129

EUVD-2008-7088
XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
xysslxyssl
𝑥
≤ 0.8
xysslxyssl
0.1
xysslxyssl
0.2
xysslxyssl
0.3
xysslxyssl
0.4
xysslxyssl
0.5
xysslxyssl
0.6
xysslxyssl
0.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xyssl
dapper
dne
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://osvdb.org/49101
http://polarssl.org/?archive#001c
http://www.vupen.com/english/advisories/2008/0917
https://exchange.xforce.ibmcloud.com/vulnerabilities/41255
http://osvdb.org/49101
http://polarssl.org/?archive#001c
http://www.vupen.com/english/advisories/2008/0917
https://exchange.xforce.ibmcloud.com/vulnerabilities/41255