CVSS: 5.0EPSS: 0%CPEs: 245EXPL: 0CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 4%CPEs: 59EXPL: 0CVE-2002-1265
https://notcve.org/view.php?id=CVE-2002-1265
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). La funcionalidad RPC de Sun en múltiples implementaciones de libc no provee de un mecanismo de exceso de tiempo cuando se leen datos de conexiones TCP, lo que permite a atacantes remotos causar una denegación de servicio (cuelgue) • ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082 http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1 http://www.info.apple.com/usen/security/security_updates.html http://www.iss.net/security_center/static/10539.php http://www.kb.cert.org/vuls/id/266817 http://www.securityfocus.com/bid/6103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m •