CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Firewall_services_module	Cisco	*	*
Firewall_services_module	Cisco	1.1.2 (including)	1.1.2 (including)
Firewall_services_module	Cisco	1.1.3 (including)	1.1.3 (including)
Firewall_services_module	Cisco	1.1_(3.005) (including)	1.1_(3.005) (including)
Firewall_services_module	Cisco	2.1_(0.208) (including)	2.1_(0.208) (including)
Aaa_server	Hp	*	*
Apache-based_web_server	Hp	2.0.43.00 (including)	2.0.43.00 (including)
Apache-based_web_server	Hp	2.0.43.04 (including)	2.0.43.04 (including)
Clientless_vpn_gateway_4400	Symantec	5.0 (including)	5.0 (including)
Red Hat Enterprise Linux 3	RedHat	openssl-0:0.9.7a-33.4	*
Red Hat Enterprise Linux 3	RedHat	openssl096b-0:0.9.6b-16	*
Red Hat Enterprise Linux 3	RedHat	openssl096b-0:0.9.6b-16.42	*
Red Hat Enterprise Linux 4	RedHat	openssl096b-0:0.9.6b-22.42	*
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux 9	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Red Hat Stronghold 4	RedHat		*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0079
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References