CVE-2004-0826

Network Security Services - Heap-Based Buffer Overflow via SSLv2 Client Hello Message

Title source: llm

Description

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

References (4)

Core 4

Core References

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11015

Patch, Vendor Advisory third-party-advisory x_refsource_iss

http://xforce.iss.net/xforce/alerts/id/180

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16314

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=109351293827731&w=2

Scores

EPSS 0.0300

EPSS Percentile 86.7%

Details

Status published

Products (45)

hp/hp-ux 11.00

hp/hp-ux 11.11

hp/hp-ux 11.23

mozilla/network_security_services 3.2

mozilla/network_security_services 3.2.1

mozilla/network_security_services 3.3

mozilla/network_security_services 3.3.1

mozilla/network_security_services 3.3.2

mozilla/network_security_services 3.4

mozilla/network_security_services 3.4.1

... and 35 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026