Description

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Remediation

References

CVE-2004-0079

Related Vulnerabilities

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.14)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.3)

WordPress Plugin Responsive Lightbox2 Cross-Site Scripting (1.0.2)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4203)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2827)

Severity

High

Classification

CVE-2004-0079 CWE-476 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities