cbcvebase.
CVE-2003-0693
published 2003-09-22

Priority: P336
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 9.89% (95.0th percentile)

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:3.6.1p2-6.0 (bookworm) | openssh 1:3.6.1p2-6.0 (bookworm) |
| debian | openssh | < openssh 1:3.6.1p2-9 (bookworm) | openssh 1:3.6.1p2-9 (bookworm) |
| debian | openssh | < openssh 1:3.7.1 (bookworm) | openssh 1:3.7.1 (bookworm) |
| openbsd | openssh | <= 3.7 | |
| openbsd | openssh | <= 3.7.1 | |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |
| openbsd | openssh | >= 0 < 1:3.7.1 | 1:3.7.1 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-6.0 | 1:3.6.1p2-6.0 |
| openbsd | openssh | >= 0 < 1:3.6.1p2-9 | 1:3.6.1p2-9 |

CVSS provenance

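| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |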