Description

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Remediation

References

CVE-2004-0112

Related Vulnerabilities

WordPress Plugin Booking Package-Appointment Booking Calendar System Cross-Site Scripting (1.5.10)

WordPress Plugin Media from FTP Cross-Site Scripting (9.89)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4526)

XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31985)

WordPress Plugin WP Advanced Importer Cross-Site Scripting (2.1.1)

Severity

Medium

Classification

CVE-2004-0112 CWE-125

Tags

Missing Update Known Vulnerabilities