CVE-2004-0826: Buffer Overflow
First published: Thu Sep 02 2004(Updated: )
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla NSS ESR | =3.2 | |
| Mozilla NSS ESR | =3.2.1 | |
| Mozilla NSS ESR | =3.3 | |
| Mozilla NSS ESR | =3.3.1 | |
| Mozilla NSS ESR | =3.3.2 | |
| Mozilla NSS ESR | =3.4 | |
| Mozilla NSS ESR | =3.4.1 | |
| Mozilla NSS ESR | =3.4.2 | |
| Mozilla NSS ESR | =3.5 | |
| Mozilla NSS ESR | =3.6 | |
| Mozilla NSS ESR | =3.6.1 | |
| Mozilla NSS ESR | =3.7 | |
| Mozilla NSS ESR | =3.7.1 | |
| Mozilla NSS ESR | =3.7.2 | |
| Mozilla NSS ESR | =3.7.3 | |
| Mozilla NSS ESR | =3.7.5 | |
| Mozilla NSS ESR | =3.7.7 | |
| Mozilla NSS ESR | =3.8 | |
| Mozilla NSS ESR | =3.9 | |
| Netscape Certificate Server | =1.0-patch1 | |
| Netscape Certificate Server | =4.2 | |
| Netscape Directory Server | =1.3-patch5 | |
| Netscape Directory Server | =3.1-patch1 | |
| Netscape Directory Server | =3.12 | |
| Netscape Directory Server | =4.1 | |
| Netscape Directory Server | =4.11 | |
| Netscape Directory Server | =4.13 | |
| Netscape Enterprise Server | =2.0 | |
| Netscape Enterprise Server | =2.0.1c | |
| Netscape Enterprise Server | =2.0a | |
| Netscape Enterprise Server | =3.0 | |
| Netscape Enterprise Server | =3.0.1 | |
| Netscape Enterprise Server | =3.0.1b | |
| Netscape Enterprise Server | =3.0.7a | |
| Netscape Enterprise Server | =3.0l | |
| Netscape Enterprise Server | =3.1 | |
| Netscape Enterprise Server | =3.2 | |
| Netscape Enterprise Server | =3.3 | |
| Netscape Enterprise Server | =3.4 | |
| Netscape Enterprise Server | =3.5 | |
| Netscape Enterprise Server | =3.5 | |
| Netscape Enterprise Server | =3.5.1 | |
| Netscape Enterprise Server | =3.6 | |
| Netscape Enterprise Server | =3.6 | |
| Netscape Enterprise Server | =3.6-sp1 | |
| Netscape Enterprise Server | =3.6-sp2 | |
| Netscape Enterprise Server | =3.6-sp3 | |
| Netscape Enterprise Server | =4.0 | |
| Netscape Enterprise Server | =4.1-sp3 | |
| Netscape Enterprise Server | =4.1-sp4 | |
| Netscape Enterprise Server | =4.1-sp5 | |
| Netscape Enterprise Server | =4.1-sp6 | |
| Netscape Enterprise Server | =4.1-sp7 | |
| Netscape Enterprise Server | =4.1-sp8 | |
| Netscape Enterprise Server | =4.1.1 | |
| Netscape Enterprise Server | =5.0 | |
| Netscape Personalization Engine | ||
| Sun Java Enterprise System | =2003q4 | |
| Sun Java Enterprise System | =2004q2 | |
| Sun ONE Application Server | =7.0 | |
| Sun ONE Application Server | =7.0 | |
| Sun ONE Application Server | =7.0 | |
| Sun ONE Application Server | =7.0-ur4 | |
| Sun ONE Application Server | =7.1 | |
| Sun ONE Application Server | =6.0 | |
| Sun ONE Application Server | =6.0-sp1 | |
| Sun ONE Application Server | =6.0-sp2 | |
| iPlanet Web Server | =4.1 | |
| iPlanet Web Server | =4.1-sp1 | |
| iPlanet Web Server | =4.1-sp10 | |
| iPlanet Web Server | =4.1-sp11 | |
| iPlanet Web Server | =4.1-sp12 | |
| iPlanet Web Server | =4.1-sp13 | |
| iPlanet Web Server | =4.1-sp14 | |
| iPlanet Web Server | =4.1-sp2 | |
| iPlanet Web Server | =4.1-sp3 | |
| iPlanet Web Server | =4.1-sp4 | |
| iPlanet Web Server | =4.1-sp5 | |
| iPlanet Web Server | =4.1-sp6 | |
| iPlanet Web Server | =4.1-sp7 | |
| iPlanet Web Server | =4.1-sp8 | |
| iPlanet Web Server | =4.1-sp9 | |
| iPlanet Web Server | =6.0-sp3 | |
| iPlanet Web Server | =6.0-sp4 | |
| iPlanet Web Server | =6.0-sp5 | |
| iPlanet Web Server | =6.0-sp7 | |
| iPlanet Web Server | =6.0-sp8 | |
| iPlanet Web Server | =6.1 | |
| iPlanet Web Server | =6.1-sp1 | |
| iPlanet Web Server | =6.1-sp2 | |
| HPE HP-UX | =11.00 | |
| HPE HP-UX | =11.11 | |
| HPE HP-UX | =11.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0826?
CVE-2004-0826 has a high severity rating due to its potential for remote code execution.
How do I fix CVE-2004-0826?
To fix CVE-2004-0826, update the Netscape Network Security Services library to a patched version.
What systems are affected by CVE-2004-0826?
CVE-2004-0826 affects multiple versions of the Netscape Network Security Services library, including versions 3.2 through 3.9.
What kind of attack does CVE-2004-0826 allow?
CVE-2004-0826 allows remote attackers to execute arbitrary code on affected systems.
When was CVE-2004-0826 disclosed?
CVE-2004-0826 was disclosed in 2004, revealing significant vulnerabilities in SSLv2.
- agent/references
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- canonical/mozilla nss esr
- version/mozilla nss esr/3.2
- version/mozilla nss esr/3.2.1
- version/mozilla nss esr/3.3
- version/mozilla nss esr/3.3.1
- version/mozilla nss esr/3.3.2
- version/mozilla nss esr/3.4
- version/mozilla nss esr/3.4.1
- version/mozilla nss esr/3.4.2
- version/mozilla nss esr/3.5
- version/mozilla nss esr/3.6
- version/mozilla nss esr/3.6.1
- version/mozilla nss esr/3.7
- version/mozilla nss esr/3.7.1
- version/mozilla nss esr/3.7.2
- version/mozilla nss esr/3.7.3
- version/mozilla nss esr/3.7.5
- version/mozilla nss esr/3.7.7
- version/mozilla nss esr/3.8
- version/mozilla nss esr/3.9
- vendor/netscape
- canonical/netscape certificate server
- version/netscape certificate server/1.0-patch1
- version/netscape certificate server/4.2
- canonical/netscape directory server
- version/netscape directory server/1.3-patch5
- version/netscape directory server/3.1-patch1
- version/netscape directory server/3.12
- version/netscape directory server/4.1
- version/netscape directory server/4.11
- version/netscape directory server/4.13
- canonical/netscape enterprise server
- version/netscape enterprise server/2.0
- version/netscape enterprise server/2.0.1c
- version/netscape enterprise server/2.0a
- version/netscape enterprise server/3.0
- version/netscape enterprise server/3.0.1
- version/netscape enterprise server/3.0.1b
- version/netscape enterprise server/3.0.7a
- version/netscape enterprise server/3.0l
- version/netscape enterprise server/3.1
- version/netscape enterprise server/3.2
- version/netscape enterprise server/3.3
- version/netscape enterprise server/3.4
- version/netscape enterprise server/3.5
- version/netscape enterprise server/3.5.1
- version/netscape enterprise server/3.6
- version/netscape enterprise server/3.6-sp1
- version/netscape enterprise server/3.6-sp2
- version/netscape enterprise server/3.6-sp3
- version/netscape enterprise server/4.0
- version/netscape enterprise server/4.1-sp3
- version/netscape enterprise server/4.1-sp4
- version/netscape enterprise server/4.1-sp5
- version/netscape enterprise server/4.1-sp6
- version/netscape enterprise server/4.1-sp7
- version/netscape enterprise server/4.1-sp8
- version/netscape enterprise server/4.1.1
- version/netscape enterprise server/5.0
- canonical/netscape personalization engine
- vendor/sun
- canonical/sun java enterprise system
- version/sun java enterprise system/2003q4
- version/sun java enterprise system/2004q2
- canonical/sun one application server
- version/sun one application server/7.0
- version/sun one application server/7.0-ur4
- version/sun one application server/7.1
- version/sun one application server/6.0
- version/sun one application server/6.0-sp1
- version/sun one application server/6.0-sp2
- canonical/iplanet web server
- version/iplanet web server/4.1
- version/iplanet web server/4.1-sp1
- version/iplanet web server/4.1-sp10
- version/iplanet web server/4.1-sp11
- version/iplanet web server/4.1-sp12
- version/iplanet web server/4.1-sp13
- version/iplanet web server/4.1-sp14
- version/iplanet web server/4.1-sp2
- version/iplanet web server/4.1-sp3
- version/iplanet web server/4.1-sp4
- version/iplanet web server/4.1-sp5
- version/iplanet web server/4.1-sp6
- version/iplanet web server/4.1-sp7
- version/iplanet web server/4.1-sp8
- version/iplanet web server/4.1-sp9
- version/iplanet web server/6.0-sp3
- version/iplanet web server/6.0-sp4
- version/iplanet web server/6.0-sp5
- version/iplanet web server/6.0-sp7
- version/iplanet web server/6.0-sp8
- version/iplanet web server/6.1
- version/iplanet web server/6.1-sp1
- version/iplanet web server/6.1-sp2
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/11.00
- version/hpe hp-ux/11.11
- version/hpe hp-ux/11.23