Vulnerability in OpenSSL CVE-2004-0112

ID OPENSSL:CVE-2004-0112
Type openssl
Reporter OpenSSL
Modified 2004-03-17T00:00:00


A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. Reported by OpenSSL group (Stephen Henson).
  • Fixed in OpenSSL 0.9.7d (Affected 0.9.7a-0.9.7c)