CVE-2003-0544 — Openssl vulnerability

CWE-39910 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

26.2%

top 3.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedNov 17

Latest updateApr 29

Description

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.7c (bookworm)

▶Debianopenssl/openssl< 0.9.7c+3

▶NVDopenssl/openssl0.9.6, 0.9.7+1

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4352-7f73-983c: OpenSSL 0↗2022-04-29

▶

OSV

CVE-2003-0544: OpenSSL 0↗2003-11-17

▶

📋Vendor Advisories

Red Hat

CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes↗2003-09-30

▶

Cisco

SSL Implementation Vulnerabilities↗2003-09-30

▶

Red Hat

CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes↗2003-09-30

▶

Red Hat

CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes↗2003-09-30

▶

Debian

CVE-2003-0544: openssl - OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in cert...↗2003

▶