CVE-2003-0544 — Vulnetix

Try Vulnetix Request Demo

CVE-2003-0544 PUBLISHED

Reported by mitre · Published October 1, 2003

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a, n/a

Timeline

Sep 30, 2003 CVE Published
Feb 4, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Oct 16, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

RHSA-2003:292 vendor-advisoryx_refsource_REDHAT
oval:org.mitre.oval:def:4574 vdb-entrysignaturex_refsource_OVAL
VU#380864 third-party-advisoryx_refsource_CERT-VN
openssl-asn1-sslclient-dos(43041) vdb-entryx_refsource_XF
ADV-2006-3900 vdb-entryx_refsource_VUPEN
DSA-393 vendor-advisoryx_refsource_DEBIAN
x_refsource_CONFIRM
x_refsource_MISC
DSA-394 vendor-advisoryx_refsource_DEBIAN
RHSA-2003:291 vendor-advisoryx_refsource_REDHAT
CA-2003-26 third-party-advisoryx_refsource_CERT
22249 third-party-advisoryx_refsource_SECUNIA
8732 vdb-entryx_refsource_BID
201029 vendor-advisoryx_refsource_SUNALERT
x_refsource_CONFIRM
ESA-20030930-027 vendor-advisoryx_refsource_ENGARDE

Open in Interactive Console →