The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS v3.1 Score
7.5 / 10.0 (HIGH)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Information
- Published: 23 Nov. 2004
- Updated: 16 Apr. 2026
- Status: Modified
- Source: cve@mitre.org
Affected products
cisco firewall services module
Versions : 1.1.2, 1.1.3, 1.1_(3.005), 2.1_(0.208)
hp aaa server
hp apache-based web server
Versions : 2.0.43.00, 2.0.43.04
symantec clientless vpn gateway 4400
Versions : 5.0
cisco ciscoworks common management foundation
Versions : 2.1
cisco ciscoworks common services
Versions : 2.2
avaya converged communications server
Versions : 2.0
avaya sg200
Versions : 4.4, 4.31.29
Weaknesses (CWE)
CWE-476
References (90)
- http://fedoranews.org/updates/FEDORA-2004-095.shtml (Third Party Advisory)
- http://secunia.com/advisories/11139 (Broken Link)
- http://secunia.com/advisories/17381 (Broken Link)
- http://secunia.com/advisories/17398 (Broken Link)
- http://secunia.com/advisories/17401 (Broken Link)
- + 75 more references on NVD