CVE-2003-0682
published 2003-10-06CVE-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
PriorityP428high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
8.58%
94.4th percentile
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:3.6.1p2-9 (bookworm) | openssh 1:3.6.1p2-9 (bookworm) |
| openbsd | openssh | <= 3.7.1 | — |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
OpenSSH Server Vulnerabilities
vendor_cisco·2003-09-17
CVE-2003-0682 CWE-119 OpenSSH Server Vulnerabilities
OpenSSH Server Vulnerabilities
New vulnerabilities in the
OpenSSH
implementation
for SSH servers have been announced.
An affected network device, running an SSH server based on the OpenSSH
implementation, may be vulnerable to a Denial of Service (DoS) attack when an
exploit script is repeatedly executed against the same device. There are
workarounds available to mitigate the effects of these vulnerabilities.
This advisory will be posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20030917-openssh.
Red Hat
security flaw
vendor_redhat·2003-09-16·CVSS 7.5
CVE-2003-0682 [HIGH] security flaw
security flaw
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Statement: Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Debian
CVE-2003-0682: openssh - "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set...
vendor_debian·2003·CVSS 7.5
CVE-2003-0682 [HIGH] CVE-2003-0682: openssh - "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set...
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Scope: local
bookworm: resolved (fixed in 1:3.6.1p2-9)
bullseye: resolved (fixed in 1:3.6.1p2-9)
forky: resolved (fixed in 1:3.6.1p2-9)
sid: resolved (fixed in 1:3.6.1p2-9)
trixie: resolved (fixed in 1:3.6.1p2-9)
Cisco
OpenSSH Server Vulnerabilities
vendor_cisco
CVE-2003-0682 OpenSSH Server Vulnerabilities
CVE-2003-0682: OpenSSH Server Vulnerabilities
New vulnerabilities in the OpenSSH implementation for SSH servers have been announced. An affected network device, running an SSH server based on the OpenSSH implementation, may be vulnerable to a Denial of Service (DoS) attack when an exploit script is repeatedly executed against the same device. There are
CWE: CWE-119, CWE-119
Bug IDs: CSCec33092, CSCec32508, CSCec37419, CSCec35975, CSCec34502
GHSA
GHSA-v6qf-7xj9-683j: "Memory bugs" in OpenSSH 3
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2003-0682 [CRITICAL] GHSA-v6qf-7xj9-683j: "Memory bugs" in OpenSSH 3
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
OSV
CVE-2003-0682: "Memory bugs" in OpenSSH 3
osv·2003-10-06·CVSS 7.5
CVE-2003-0682 [HIGH] CVE-2003-0682: "Memory bugs" in OpenSSH 3
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
No detection rules found.
No public exploits indexed.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741http://marc.info/?l=bugtraq&m=106373546332230&w=2http://marc.info/?l=bugtraq&m=106381409220492&w=2http://www.debian.org/security/2003/dsa-382http://www.debian.org/security/2003/dsa-383http://www.redhat.com/support/errata/RHSA-2003-280.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741http://marc.info/?l=bugtraq&m=106373546332230&w=2http://marc.info/?l=bugtraq&m=106381409220492&w=2http://www.debian.org/security/2003/dsa-382http://www.debian.org/security/2003/dsa-383http://www.redhat.com/support/errata/RHSA-2003-280.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446
2003-10-06
Published