OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general-purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.
OpenSSL prior to version 0.9.6d does not properly handle unknown message types. An attacker could cause the application using OpenSSL to enter an infinite loop, resulting in a denial of service.
An unauthenticated, remote attacker could cause a denial of service in an application that uses OpenSSL.
Upgrade or Patch
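To find installations that still need the upgrade, the following check compares `openssl version` banners against 0.9.6d, the boundary this note gives. It is an added example, not part of the original note or of OpenSSL; the host names, banner dates, and the handling of pre-release tags are assumptions made for illustration.

```python
import re

FIXED = "0.9.6d"  # boundary stated in this note: releases prior to it are affected

# Legacy OpenSSL numbering: major.minor.fix, optional patch letter(s) (0.9.6d, 0.9.8zh),
# optional pre-release tag (-beta1, -dev).
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(-(?:beta|pre|dev)\w*)?")


def parse_version(text):
    """Return a sortable key for a version string or an `openssl version` banner."""
    m = _VER.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters, pre = m.groups()
    # Letters order as "" < a < ... < z < za < zb, so compare length first.
    # Assumption: a pre-release sorts below the release with the same number.
    return (int(major), int(minor), int(fix), len(letters), letters, pre is None)


def is_affected(text):
    """True if the version is prior to FIXED."""
    return parse_version(text) < parse_version(FIXED)


# Constructed inventory: host names and banner dates are made up for the example.
SAMPLE_BANNERS = {
    "mail01": "OpenSSL 0.9.6c 21 Dec 2001",
    "ldap02": "OpenSSL 0.9.6 24 Sep 2000",
    "web03": "OpenSSL 0.9.6d 9 May 2002",
    "web04": "OpenSSL 0.9.6m 17 Mar 2004",
    "imap05": "OpenSSL 0.9.5a 1 Apr 2000",
    "proxy06": "OpenSSL 0.9.7 31 Dec 2002",
}


def triage(banners):
    """Return the hosts whose banner reports an affected release, sorted."""
    return sorted(host for host, banner in banners.items() if is_affected(banner))


if __name__ == "__main__":
    for host in triage(SAMPLE_BANNERS):
        print(f"{host}: {SAMPLE_BANNERS[host]} -> upgrade required")
```

Distribution packages may carry backported fixes under an unchanged upstream version string, so a match here is a prompt to check the vendor's package changelog rather than a final verdict.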
This vulnerability was reported by the OpenSSL Project and the U.K. National Infrastructure Security Co-ordination Centre (NISCC).
|Date First Published:|2004-03-17|
|Date Last Updated:|2005-05-06 17:31 UTC|