CVE-2003-0693
PUBLISHED
CVSS 10 CRITICAL
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
EPSS 26.82% · 96.5th percentile
Risk Scores
- CVSS 2.0: 10
- EPSS Score: 26.82% (96.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| openbsd | openssh | 0 |
Exploit Intelligence
- 20030916 The lowdown on SSH vulnerability (circl)
- [oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems (circl)
- 1000620 (circl)
- 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh) (circl)
- openssh-packet-bo(13191) (circl)
- DSA-383 (circl)
- 20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01) (circl)
- http://www.openssh.com/txt/buffer.adv (circl)
- RHSA-2003:280 (circl)
- CA-2003-24 (circl)
…and 16 more exploits
Timeline
- Sep 16, 2003 CVE Published
- Sep 16, 2003 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Feb 8, 2024 EPSS Score
References
- 1000620 vendor-advisory
- 20030915 new ssh exploit? mailing-list
- 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh) mailing-list
- openssh-packet-bo(13191) vdb
- DSA-383 vendor-advisory
- 20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01) mailing-list
- http://www.openssh.com/txt/buffer.adv url
- RHSA-2003:280 vendor-advisory
- CA-2003-24 third-party-advisory
- 20030915 openssh remote exploit mailing-list
- oval:org.mitre.oval:def:2719 vdb
- 2003-0033 vendor-advisory
- 20030916 The lowdown on SSH vulnerability mailing-list
- DSA-382 vendor-advisory
- 20030916 OpenSSH Buffer Management Bug Advisory mailing-list
- MDKSA-2003:090 vendor-advisory
- oval:org.mitre.oval:def:447 vdb
- RHSA-2003:279 vendor-advisory
- VU#333628 third-party-advisory
- [oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems mailing-list
…and 1 more