The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVSS v2.0 Score
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Information
- Published
- 23 nov. 2004
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
cisco firewall services module
Versions : 1.1.2, 1.1.3, 1.1_\(3.005\), 2.1_\(0.208\)
hp aaa server
hp apache-based web server
Versions : 2.0.43.00, 2.0.43.04
symantec clientless vpn gateway 4400
Versions : 5.0
cisco ciscoworks common management foundation
Versions : 2.1
cisco ciscoworks common services
Versions : 2.2
avaya converged communications server
Versions : 2.0
avaya sg200
Versions : 4.4, 4.31.29
Weaknesses (CWE)
CWE-125
References (58)
- http://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing ListThird Party Advisory
- http://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing ListThird Party Advisory
- http://secunia.com/advisories/11139Broken Link
- http://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
- http://www.kb.cert.org/vuls/id/484726Third Party AdvisoryUS Government Resource
- + 43 more references on NVD
Similar CVEs
Other vulnerabilities of type CWE-125
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.