CVE-2003-0693
published 2003-09-22CVE-2003-0693: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an…
PriorityP336critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
9.89%
95.0th percentile
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:3.6.1p2-6.0 (bookworm) | openssh 1:3.6.1p2-6.0 (bookworm) |
| debian | openssh | < openssh 1:3.6.1p2-9 (bookworm) | openssh 1:3.6.1p2-9 (bookworm) |
| debian | openssh | < openssh 1:3.7.1 (bookworm) | openssh 1:3.7.1 (bookworm) |
| openbsd | openssh | <= 3.7 | — |
| openbsd | openssh | <= 3.7.1 | — |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
OpenSSH Server Vulnerabilities
vendor_cisco·2003-09-17
CVE-2003-0682 CWE-119 OpenSSH Server Vulnerabilities
OpenSSH Server Vulnerabilities
New vulnerabilities in the
OpenSSH
implementation
for SSH servers have been announced.
An affected network device, running an SSH server based on the OpenSSH
implementation, may be vulnerable to a Denial of Service (DoS) attack when an
exploit script is repeatedly executed against the same device. There are
workarounds available to mitigate the effects of these vulnerabilities.
This advisory will be posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20030917-openssh.
Red Hat
security flaw
vendor_redhat·2003-09-16·CVSS 7.5
CVE-2003-0682 [HIGH] security flaw
security flaw
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Statement: Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Red Hat
security flaw
vendor_redhat·2003-09-16·CVSS 10.0
CVE-2003-0695 [CRITICAL] security flaw
security flaw
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
Statement: Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Red Hat
security flaw
vendor_redhat·2003-09-15·CVSS 10.0
CVE-2003-0693 [CRITICAL] security flaw
security flaw
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Statement: Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Debian
CVE-2003-0693: openssh - A "buffer management error" in buffer_append_space of buffer.c for OpenSSH befor...
vendor_debian·2003·CVSS 10.0
CVE-2003-0693 [CRITICAL] CVE-2003-0693: openssh - A "buffer management error" in buffer_append_space of buffer.c for OpenSSH befor...
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Scope: local
bookworm: resolved (fixed in 1:3.6.1p2-6.0)
bullseye: resolved (fixed in 1:3.6.1p2-6.0)
forky: resolved (fixed in 1:3.6.1p2-6.0)
sid: resolved (fixed in 1:3.6.1p2-6.0)
trixie: resolved (fixed in 1:3.6.1p2-6.0)
Debian
CVE-2003-0682: openssh - "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set...
vendor_debian·2003·CVSS 7.5
CVE-2003-0682 [HIGH] CVE-2003-0682: openssh - "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set...
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Scope: local
bookworm: resolved (fixed in 1:3.6.1p2-9)
bullseye: resolved (fixed in 1:3.6.1p2-9)
forky: resolved (fixed in 1:3.6.1p2-9)
sid: resolved (fixed in 1:3.6.1p2-9)
trixie: resolved (fixed in 1:3.6.1p2-9)
Debian
CVE-2003-0695: openssh - Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers ...
vendor_debian·2003·CVSS 10.0
CVE-2003-0695 [CRITICAL] CVE-2003-0695: openssh - Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers ...
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
Scope: local
bookworm: resolved (fixed in 1:3.7.1)
bullseye: resolved (fixed in 1:3.7.1)
forky: resolved (fixed in 1:3.7.1)
sid: resolved (fixed in 1:3.7.1)
trixie: resolved (fixed in 1:3.7.1)
Cisco
OpenSSH Server Vulnerabilities
vendor_cisco
CVE-2003-0693 OpenSSH Server Vulnerabilities
CVE-2003-0693: OpenSSH Server Vulnerabilities
New vulnerabilities in the OpenSSH implementation for SSH servers have been announced. An affected network device, running an SSH server based on the OpenSSH implementation, may be vulnerable to a Denial of Service (DoS) attack when an exploit script is repeatedly executed against the same device. There are
CWE: CWE-119, CWE-119
Bug IDs: CSCec33092, CSCec32508, CSCec37419, CSCec35975, CSCec34502
GHSA
GHSA-2264-54r3-3rjm: A "buffer management error" in buffer_append_space of buffer
ghsa_unreviewed·2022-04-29·CVSS 7.5
CVE-2003-0693 [HIGH] GHSA-2264-54r3-3rjm: A "buffer management error" in buffer_append_space of buffer
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
GHSA
GHSA-rphm-82wp-ppfq: Multiple "buffer management errors" in OpenSSH before 3
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2003-0695 [CRITICAL] GHSA-rphm-82wp-ppfq: Multiple "buffer management errors" in OpenSSH before 3
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
GHSA
GHSA-v6qf-7xj9-683j: "Memory bugs" in OpenSSH 3
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2003-0682 [CRITICAL] GHSA-v6qf-7xj9-683j: "Memory bugs" in OpenSSH 3
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
OSV
CVE-2003-0695: Multiple "buffer management errors" in OpenSSH before 3
osv·2003-10-06·CVSS 10.0
CVE-2003-0695 [CRITICAL] CVE-2003-0695: Multiple "buffer management errors" in OpenSSH before 3
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
OSV
CVE-2003-0682: "Memory bugs" in OpenSSH 3
osv·2003-10-06·CVSS 7.5
CVE-2003-0682 [HIGH] CVE-2003-0682: "Memory bugs" in OpenSSH 3
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
OSV
CVE-2003-0693: A "buffer management error" in buffer_append_space of buffer
osv·2003-09-22·CVSS 10.0
CVE-2003-0693 [CRITICAL] CVE-2003-0693: A "buffer management error" in buffer_append_space of buffer
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0693 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2003-0693 [CRITICAL] CVE-2003-0693 security flaw
CVE-2003-0693 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
---
Statement:
Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect
Bugzilla
CVE-2003-0682 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2003-0682 [HIGH] CVE-2003-0682 security flaw
CVE-2003-0682 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
---
Statement:
Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Bugzilla
CVE-2003-0695 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2003-0695 [CRITICAL] CVE-2003-0695 security flaw
CVE-2003-0695 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
---
Statement:
Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
Th
arXiv
Integrating Network and Attack Graphs for Service-Centric Impact Analysis
arxiv_fulltext·2026-02-11
Integrating Network and Attack Graphs for Service-Centric Impact Analysis
Integrating Network and Attack Graphs for Service-Centric Impact Analysis
Joni Herttuainene1
Vesa Kuikka
Kimmo K. Kaski
e1e-mail: [email protected]
Department of Computer Science, Aalto University School of Science,
P.O. Box 11000, 00076 Aalto, Finland
Received: date / Accepted: date
## Abstract
We present a novel methodology for modelling, visualising, and analysing cyber threats, attack paths, as well as their impact on user services in enterprise or infrastructure networks of digital devices and services they provide. Using probabilistic methods to track the propagation of an attack through attack graphs, via the service or application layers, and on physical communication networks, our model enables us to analyse cyber attacks at different levels of detail. Understanding
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.htmlhttp://marc.info/?l=bugtraq&m=106373247528528&w=2http://marc.info/?l=bugtraq&m=106373546332230&w=2http://marc.info/?l=bugtraq&m=106374466212309&w=2http://marc.info/?l=bugtraq&m=106381396120332&w=2http://marc.info/?l=bugtraq&m=106381409220492&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1http://www.cert.org/advisories/CA-2003-24.htmlhttp://www.debian.org/security/2003/dsa-382http://www.debian.org/security/2003/dsa-383http://www.kb.cert.org/vuls/id/333628http://www.mandriva.com/security/advisories?name=MDKSA-2003:090http://www.openssh.com/txt/buffer.advhttp://www.openwall.com/lists/oss-security/2024/07/01/3http://www.redhat.com/support/errata/RHSA-2003-280.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/13191https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.htmlhttp://marc.info/?l=bugtraq&m=106373247528528&w=2http://marc.info/?l=bugtraq&m=106373546332230&w=2http://marc.info/?l=bugtraq&m=106374466212309&w=2http://marc.info/?l=bugtraq&m=106381396120332&w=2http://marc.info/?l=bugtraq&m=106381409220492&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1http://www.cert.org/advisories/CA-2003-24.htmlhttp://www.debian.org/security/2003/dsa-382http://www.debian.org/security/2003/dsa-383http://www.kb.cert.org/vuls/id/333628http://www.mandriva.com/security/advisories?name=MDKSA-2003:090http://www.openssh.com/txt/buffer.advhttp://www.openwall.com/lists/oss-security/2024/07/01/3http://www.redhat.com/support/errata/RHSA-2003-280.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/13191https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447
2003-09-22
Published