The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
Loading...
Loading...
This high-severity CVE scores 7.5 under NVD CVSS v3. EPSS exploit probability: 2.3%, top 15% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
A fix is available — apply it.
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
November 23, 2004
June 16, 2026
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| redhat | openssl096b-0:0.9.6b-22.42 | 2005-11-02 | redhat |
| redhat | patch | 2005-11-02 | redhat |
| redhat | openssl096b-0:0.9.6b-16 | 2004-03-17 | redhat |
| redhat | patch | 2004-03-17 | redhat |
| redhat | patch | 2004-03-17 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
RHSA-2004:120 — Important
RHSA-2004:121 — Important
RHSA-2004:139 — Important
RHSA-2005:829 — Important
RHSA-2005:830 — Important
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Explore the affected products and dependency analysis for CVE-2004-0079
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
redhat