CVE-2003-0545
Published 2003-11-17
Priority: P343, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 85.45% (99.7th percentile)
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.7c (bookworm) | openssl 0.9.7c (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.7c | 0.9.7c |
| openssl | openssl | >= 0 < 0.9.7c | 0.9.7c |
| openssl | openssl | >= 0 < 0.9.7c | 0.9.7c |
| openssl | openssl | >= 0 < 0.9.7c | 0.9.7c |
Detection & IOCs
- Trigger vector is a malformed SSL client certificate with invalid ASN.1 encoding sent to an SSL server; monitor for SSL handshake anomalies involving client certificates with unusual or malformed ASN.1 tag values.
- The vulnerability can be triggered even when the server is NOT configured to require client certificate authentication; do not rely on client-auth being disabled as a mitigation.
- The exploit primitive is a double-free triggered by certain ASN.1 encodings rejected as invalid by the parser, corrupting the stack; look for unexpected crashes or double-free signals in OpenSSL 0.9.7 processes handling SSL.
- Only OpenSSL 0.9.7 is affected by CVE-2003-0545 (double-free); OpenSSL 0.9.6 is NOT affected by this specific issue, so scope detection rules accordingly.
- Cisco devices running SSL servers based on affected OpenSSL are vulnerable; Cisco Bug IDs CSCec46274, CSCec31274, CSCec69386, CSCec45573, CSCec79098 track affected products.
- Red Hat Enterprise Linux 2.1, 3, and 4 ship openssl096b which is NOT affected by CVE-2003-0545; only OpenSSL 0.9.7 packages require patching.
- Fixed upstream in OpenSSL 0.9.7c; Debian resolved the issue in that version across all tracked suites.
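CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_cisco | | 5.0 | MEDIUM | |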
GHSA
GHSA-mmjc-3g2p-897m: Double free vulnerability in OpenSSL 0
ghsa_unreviewed·2022-04-29
CVE-2003-0545 [HIGH] CWE-119
OSV
CVE-2003-0545: Double free vulnerability in OpenSSL 0
osv·2003-11-17·CVSS 9.8
CVE-2003-0545 [CRITICAL]
Red Hat
CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes
vendor_redhat·2003-09-30·CVSS 9.8
CVE-2003-0545 [CRITICAL]
Statement: Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue.
The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b).
The OpenSSL packages in Red Hat Enterprise Linux 5 are based on a fixed upstream release (openssl), or contain a backported patch since their initial release (openssl097a).
Cisco
SSL Implementation Vulnerabilities
vendor_cisco·2003-09-30·CVSS 5.0
CVE-2003-0543 [MEDIUM] CWE-399
On September 30, 2003, new vulnerabilities in the OpenSSL implementation for SSL were announced. This is referred to as the "first" vulnerability in this document.
On November 4, 2003, another vulnerability in the OpenSSL implementation for SSL, version 0.9.6, was announced. This is referred to as the "second" vulnerability in this document.
An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client. The network device may be vulnerable to this vulnerability even if it is configured to not authenticate certificates from the client. There are workarounds available to mitigate the effects of these vulnerabilities.
Debian
CVE-2003-0545: openssl - Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a de...
vendor_debian·2003·CVSS 9.8
CVE-2003-0545 [CRITICAL]
Scope: local
bookworm: resolved (fixed in 0.9.7c)
bullseye: resolved (fixed in 0.9.7c)
forky: resolved (fixed in 0.9.7c)
sid: resolved (fixed in 0.9.7c)
trixie: resolved (fixed in 0.9.7c)
Cisco
SSL Implementation Vulnerabilities
vendor_cisco
CVE-2003-0545: SSL Implementation Vulnerabilities
CWE: CWE-399
Bug IDs: CSCec46274, CSCec31274, CSC
Red Hat
CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN
vendor_redhat·CVSS 5.0
CVE-2005-1730 [MEDIUM]
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allow remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
Statement: Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment.
No detection rules found.
No public exploits indexed.