OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt cve-icon cve-icon
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc cve-icon cve-icon
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 cve-icon cve-icon
http://fedoranews.org/updates/FEDORA-2004-095.shtml cve-icon cve-icon
http://marc.info/?l=bugtraq&m=107955049331965&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=108403850228012&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2004-119.html cve-icon cve-icon
http://secunia.com/advisories/11139 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200403-03.xml cve-icon cve-icon
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524 cve-icon cve-icon
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml cve-icon cve-icon
http://www.debian.org/security/2004/dsa-465 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/465542 cve-icon cve-icon
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2004-120.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2004-121.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2004-139.html cve-icon cve-icon
http://www.securityfocus.com/bid/9899 cve-icon cve-icon
http://www.trustix.org/errata/2004/0012 cve-icon cve-icon
http://www.uniras.gov.uk/vuls/2004/224012/index.htm cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA04-078A.html cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/15509 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2004-0081 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2004-0081 cve-icon
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.03435}

epss

{'score': 0.02271}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-08T00:01:23.650Z

Reserved: 2004-01-19T00:00:00

Link: CVE-2004-0081

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2004-11-23T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0081

cve-icon Redhat

Severity : Low

Publid Date: 2004-03-17T00:00:00Z

Links: CVE-2004-0081 - Bugzilla

cve-icon OpenCVE Enrichment

No data.