| CVE-2004-0079 | Hig | 0.49 | 7.5 | 0.02 | | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |
| CVE-2004-0081 | | 0.00 | — | 0.02 | | Nov 23, 2004 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |
| CVE-2004-0112 | | 0.00 | — | 0.01 | | Nov 23, 2004 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. |
