Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0543: OpenSSL vulnerability

CWE-399 | 11 documents | 7 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 43.2% (top 2.49%)
CISA KEV: Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 17
Latest update: Apr 29

Description

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/openssl < openssl 0.9.7c (bookworm)
Debian: openssl/openssl < 0.9.7c (+3)
NVD: openssl/openssl 0.9.6, 0.9.7 (+1)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-v3q3-83mw-m54r: Integer overflow in OpenSSL 0 (2022-04-29)
OSV: CVE-2003-0543: Integer overflow in OpenSSL 0 (2003-11-17)

💥 Exploits & PoCs (1)

Exploit-DB: OpenSSL ASN.1 < 0.9.6j/0.9.7b - Brute Forcer for Parsing Bugs (2003-10-09)

📋 Vendor Advisories (7)

Red Hat: CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes (2003-09-30)
Cisco: SSL Implementation Vulnerabilities (2003-09-30)
Red Hat: CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes (2003-09-30)
Red Hat: CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes (2003-09-30)
Debian: CVE-2003-0543: openssl - Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a d... (2003)