7.5
CWE
NVD-CWE-Other 119
Advisory Published
Updated

CVE-2004-0826: Buffer Overflow

First published: Thu Sep 02 2004(Updated: )

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Netscape Enterprise Server=3.5
iPlanet Web Server=4.1
Mozilla NSS ESR=3.6.1
Mozilla NSS ESR=3.2
Netscape Enterprise Server=4.0
iPlanet Web Server=6.0-sp3
Oracle GlassFish Server=6.0-sp1
Sun ONE Application Server=7.0
iPlanet Web Server=6.1
iPlanet Web Server=6.1-sp1
Netscape Directory Server=4.1
Mozilla NSS ESR=3.7.7
Mozilla NSS ESR=3.7.5
Mozilla NSS ESR=3.7.1
iPlanet Web Server=4.1-sp11
Netscape Enterprise Server=4.1.1
Netscape Enterprise Server=3.6
Netscape Enterprise Server=4.1-sp8
Netscape Directory Server=1.3-patch5
Oracle GlassFish Server=6.0
Mozilla NSS ESR=3.6
iPlanet Web Server=6.0-sp5
Netscape Enterprise Server=3.6
Netscape Directory Server=3.1-patch1
Netscape Enterprise Server=2.0a
Mozilla NSS ESR=3.2.1
iPlanet Web Server=4.1-sp3
Netscape Certificate Server=1.0-patch1
iPlanet Web Server=4.1-sp1
Netscape Enterprise Server=4.1-sp5
Sun Java Enterprise System=2003q4
Netscape Enterprise Server=3.0.1b
Netscape Enterprise Server=3.0.1
Sun ONE Application Server=7.1
Sun Java Enterprise System=2004q2
Netscape Enterprise Server=2.0
iPlanet Web Server=4.1-sp6
Netscape Enterprise Server=3.0.7a
iPlanet Web Server=6.0-sp7
iPlanet Web Server=4.1-sp5
Mozilla NSS ESR=3.9
iPlanet Web Server=6.1-sp2
Mozilla NSS ESR=3.4
Netscape Enterprise Server=4.1-sp7
iPlanet Web Server=4.1-sp14
iPlanet Web Server=4.1-sp2
iPlanet Web Server=4.1-sp9
Mozilla NSS ESR=3.8
iPlanet Web Server=6.0-sp8
Netscape Enterprise Server=3.6-sp3
Mozilla NSS ESR=3.4.1
Mozilla NSS ESR=3.7
Netscape Enterprise Server=3.6-sp1
Mozilla NSS ESR=3.7.2
Mozilla NSS ESR=3.3
Netscape Enterprise Server=3.1
iPlanet Web Server=4.1-sp8
Mozilla NSS ESR=3.7.3
Netscape Directory Server=3.12
Netscape Enterprise Server=3.4
Mozilla NSS ESR=3.4.2
iPlanet Web Server=4.1-sp7
iPlanet Web Server=4.1-sp12
Netscape Certificate Server=4.2
Netscape Personalization Engine
Mozilla NSS ESR=3.3.2
Sun ONE Application Server=7.0
Netscape Enterprise Server=4.1-sp3
Oracle GlassFish Server=6.0-sp2
Netscape Directory Server=4.11
Netscape Enterprise Server=2.0.1c
Netscape Enterprise Server=3.0
Netscape Enterprise Server=3.5
Netscape Enterprise Server=5.0
Netscape Enterprise Server=4.1-sp4
Mozilla NSS ESR=3.5
Sun ONE Application Server=7.0-ur4
iPlanet Web Server=4.1-sp13
iPlanet Web Server=6.0-sp4
iPlanet Web Server=4.1-sp4
Netscape Enterprise Server=3.3
Netscape Directory Server=4.13
Netscape Enterprise Server=3.2
Netscape Enterprise Server=4.1-sp6
Sun ONE Application Server=7.0
Netscape Enterprise Server=3.5.1
Netscape Enterprise Server=3.6-sp2
iPlanet Web Server=4.1-sp10
Mozilla NSS ESR=3.3.1
Netscape Enterprise Server=3.0l
HPE HP-UX=11.11
HPE HP-UX=11.00
HPE HP-UX=11.23

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2004-0826?

    CVE-2004-0826 has a high severity rating due to its potential for remote code execution.

  • How do I fix CVE-2004-0826?

    To fix CVE-2004-0826, update the Netscape Network Security Services library to a patched version.

  • What systems are affected by CVE-2004-0826?

    CVE-2004-0826 affects multiple versions of the Netscape Network Security Services library, including versions 3.2 through 3.9.

  • What kind of attack does CVE-2004-0826 allow?

    CVE-2004-0826 allows remote attackers to execute arbitrary code on affected systems.

  • When was CVE-2004-0826 disclosed?

    CVE-2004-0826 was disclosed in 2004, revealing significant vulnerabilities in SSLv2.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203