5 matches found
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2003-0851
CVE-2003-0851 describes a DoS in OpenSSL’s ASN.1 parser caused by large recursion in malformed ASN.1 sequences. Public diagnostics in the connected data tie the issue to OpenSSL 0.9.6k and older, with Red Hat/Fedora advisories noting fixes in later OpenSSL releases (e.g., 0.9.6l or newer). The vu...
CVE-2002-1024
Technical details for CVE-2002-1024 are not publicly available in the provided connected documents. Monitor for updates in the Vulners feed for affected products, versions, impact, and fixes.