CVE-2003-0545 — Double Free in Openssl

CWE-415 — Double Free CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-39910 documents8 sources

Severity

9.8CRITICALNVD

EPSS

74.6%

top 1.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedNov 17

Latest updateApr 29

Description

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.7c (bookworm)

▶Debianopenssl/openssl< 0.9.7c+3

▶NVDopenssl/openssl0.9.6, 0.9.7+1

Patches

Patch: www.redhat.com ↗Patch: www.uniras.gov.uk ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-mmjc-3g2p-897m: Double free vulnerability in OpenSSL 0↗2022-04-29

▶

OSV

CVE-2003-0545: Double free vulnerability in OpenSSL 0↗2003-11-17

▶

📋Vendor Advisories

Red Hat

CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes↗2003-09-30

▶

Cisco

SSL Implementation Vulnerabilities↗2003-09-30

▶

Debian

CVE-2003-0545: openssl - Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a de...↗2003

▶

Cisco

SSL Implementation Vulnerabilities↗

▶

Red Hat

CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN↗

▶

📐Framework References

CWE

Double Free↗

▶

💬Community

Bugzilla

CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes↗2003-09-23

▶