CVE Vulnerabilities

CVE-2004-0079

NULL Pointer Dereference

Published: Nov 23, 2004 | Modified: Dec 28, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Firewall_services_module Cisco * *
Firewall_services_module Cisco 1.1.2 (including) 1.1.2 (including)
Firewall_services_module Cisco 1.1.3 (including) 1.1.3 (including)
Firewall_services_module Cisco 1.1_(3.005) (including) 1.1_(3.005) (including)
Firewall_services_module Cisco 2.1_(0.208) (including) 2.1_(0.208) (including)
Aaa_server Hp * *
Apache-based_web_server Hp 2.0.43.00 (including) 2.0.43.00 (including)
Apache-based_web_server Hp 2.0.43.04 (including) 2.0.43.04 (including)
Clientless_vpn_gateway_4400 Symantec 5.0 (including) 5.0 (including)
Red Hat Enterprise Linux 3 RedHat openssl-0:0.9.7a-33.4 *
Red Hat Enterprise Linux 3 RedHat openssl096b-0:0.9.6b-16 *
Red Hat Enterprise Linux 3 RedHat openssl096b-0:0.9.6b-16.42 *
Red Hat Enterprise Linux 4 RedHat openssl096b-0:0.9.6b-22.42 *
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 RedHat *
Red Hat Enterprise Linux ES version 2.1 RedHat *
Red Hat Enterprise Linux WS version 2.1 RedHat *
Red Hat Linux 9 RedHat *
Red Hat Linux Advanced Workstation 2.1 RedHat *
Red Hat Stronghold 4 RedHat *

Potential Mitigations

References