CVE-2004-0112
published 2004-11-23CVE-2004-0112: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets…
medium5CVSS 3.1
AVNACLAuNCNINAP
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Affected
210 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| 4d | webstar | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| avaya | converged_communications_server | — | — |
| avaya | intuity_audix | — | — |
| avaya | intuity_audix | — | — |
| avaya | intuity_audix | — | — |
| avaya | s8300 | — | — |
| avaya | s8300 | — | — |
| avaya | s8500 | — | — |
| avaya | s8500 | — | — |
| avaya | s8700 | — | — |
| avaya | s8700 | — | — |
| avaya | sg200 | — | — |
| avaya | sg200 | — | — |
| avaya | sg203 | — | — |
| avaya | sg203 | — | — |
| avaya | sg208 | — | — |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv5.0MEDIUM