← back
CVE-2004-0112

CVE-2004-0112

EPSS 10.4%
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txthttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834http://docs.info.apple.com/article.html?artnum=61798http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlhttp://lists.apple.com/mhonarc/security-announce/msg00045.htmlhttp://marc.info/?l=bugtraq&m=107953412903636&w=2http://marc.info/?l=bugtraq&m=108403806509920&w=2http://secunia.com/advisories/11139http://security.gentoo.org/glsa/glsa-200403-03.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/15508