cbcvebase.
CVE-2003-0787
published 2003-11-17

CVE-2003-0787: The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the…

PriorityP426high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.66%
73.7th percentile
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianopenssh< openssh 1:3.7.1p2 (bookworm)openssh 1:3.7.1p2 (bookworm)
openbsdopenssh
openbsdopenssh
openbsdopenssh>= 0 < 1:3.7.1p21:3.7.1p2
openbsdopenssh>= 0 < 1:3.7.1p21:3.7.1p2
openbsdopenssh>= 0 < 1:3.7.1p21:3.7.1p2
openbsdopenssh>= 0 < 1:3.7.1p21:3.7.1p2

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.