CVE-2003-0695 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssh

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources

Severity

7.5HIGHNVD

CNA10.0OSV10.0

EPSS

1.0%

top 22.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedOct 6

Latest updateApr 29

Description

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:3.7.1+3

▶NVDopenbsd/openssh3.7.1

Patches

Patch: www.debian.org ↗Patch: www.redhat.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-rphm-82wp-ppfq: Multiple "buffer management errors" in OpenSSH before 3↗2022-04-29

▶

OSV

CVE-2003-0695: Multiple "buffer management errors" in OpenSSH before 3↗2003-10-06

▶

CVEList

CVE-2003-0695: Multiple "buffer management errors" in OpenSSH before 3↗2003-09-18

▶

📋Vendor Advisories

Cisco

OpenSSH Server Vulnerabilities↗2003-09-17

▶

Red Hat

security flaw↗2003-09-16

▶

Red Hat

security flaw↗2003-09-16

▶

Red Hat

security flaw↗2003-09-15

▶

Debian

CVE-2003-0695: openssh - Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers ...↗2003

▶

💬Community

Bugzilla

CVE-2003-0693 security flaw↗2018-08-16

▶

Bugzilla

CVE-2003-0682 security flaw↗2018-08-16

▶

Bugzilla

CVE-2003-0695 security flaw↗2018-08-16

▶