CVE-2004-0079

CVE Database · CVE-2004-0079

CVE-2004-0079

· HIGHModified

CVSS v3.1

7.5

EPSS

9.54%

Published

Nov 23, 2004

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-476CWE-476

Affected Products (252)

cisco · firewall_services_modulevulnerable

hp · aaa_servervulnerable

hp · apache-based_web_servervulnerable

symantec · clientless_vpn_gateway_4400vulnerable

cisco · ciscoworks_common_management_foundationvulnerable

References (20)

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc

Broken Link

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc

Broken Link

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt

Broken Link

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834

Broken Link

http://docs.info.apple.com/article.html?artnum=61798

Broken Link

http://fedoranews.org/updates/FEDORA-2004-095.shtml

Third Party Advisory

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

KEV Catalog EPSS Scores Vendors All CVEs