CVE-2003-0693 — Vulnetix

Try Vulnetix Request Demo

CVE-2003-0693 PUBLISHED CVSS 10 CRITICAL

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

EPSS 26.82% · 96.3th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

26.82%

96.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
openbsd	openssh	0

Timeline

Sep 16, 2003 CVE Published
Sep 16, 2003 PoC Published
Feb 4, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score
Feb 3, 2024 EPSS Score

References

1000620 vendor-advisory
20030915 new ssh exploit? mailing-list
20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh) mailing-list
openssh-packet-bo(13191) vdb
DSA-383 vendor-advisory
20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01) mailing-list
http://www.openssh.com/txt/buffer.adv url
RHSA-2003:280 vendor-advisory
CA-2003-24 third-party-advisory
20030915 openssh remote exploit mailing-list
oval:org.mitre.oval:def:2719 vdb
2003-0033 vendor-advisory
20030916 The lowdown on SSH vulnerability mailing-list
DSA-382 vendor-advisory
20030916 OpenSSH Buffer Management Bug Advisory mailing-list
MDKSA-2003:090 vendor-advisory
oval:org.mitre.oval:def:447 vdb
RHSA-2003:279 vendor-advisory
VU#333628 third-party-advisory
[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems mailing-list

…and 1 more

Open in Interactive Console →