CVE-2003-0545
published 2003-11-17


Priority: P343, critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 85.45% (99.7th percentile)
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

Affected

7 ranges
Vendor  | Product | Version range               | Fixed in
debian  | openssl | < openssl 0.9.7c (bookworm) | openssl 0.9.7c (bookworm)
openssl | openssl |                             |
openssl | openssl |                             |
openssl | openssl | >= 0 < 0.9.7c               | 0.9.7c
openssl | openssl | >= 0 < 0.9.7c               | 0.9.7c
openssl | openssl | >= 0 < 0.9.7c               | 0.9.7c
openssl | openssl | >= 0 < 0.9.7c               | 0.9.7c

Detection & IOCs (extracted from sources)

version: OpenSSL 0.9.7
  • Trigger vector is a malformed SSL client certificate with invalid ASN.1 encoding sent to an SSL server; monitor for SSL handshake anomalies involving client certificates with unusual or malformed ASN.1 tag values.
  • The vulnerability can be triggered even when the server is NOT configured to require client certificate authentication; do not rely on client-auth being disabled as a mitigation.
  • The exploit primitive is a double-free triggered by certain ASN.1 encodings rejected as invalid by the parser, corrupting the stack; look for unexpected crashes or double-free signals in OpenSSL 0.9.7 processes handling SSL.
  • Only OpenSSL 0.9.7 is affected by CVE-2003-0545 (double-free); OpenSSL 0.9.6 is NOT affected by this specific issue — scope detection rules accordingly.
  • Cisco devices running SSL servers based on affected OpenSSL are vulnerable; Cisco Bug IDs CSCec46274, CSCec31274, CSCec69386, CSCec45573, CSCec79098 track affected products.
  • Red Hat Enterprise Linux 2.1, 3, and 4 ship openssl096b which is NOT affected by CVE-2003-0545; only OpenSSL 0.9.7 packages require patching.
  • Fixed upstream in OpenSSL 0.9.7c; Debian resolved the issue in that version across all tracked suites.

CVSS provenance

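Source        | CVSS version | Score | Severity | Vector
nvd           | v3.1         | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd           | v2.0         | 10.0  | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
osv           |              | 9.8   | CRITICAL |
vendor_debian |              | 9.8   | CRITICAL |
vendor_redhat |              | 9.8   | CRITICAL |
vendor_cisco  |              | 5.0   | MEDIUM   |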