CVE-2003-0695
PUBLISHED
CVSS 7.5 HIGH
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
EPSS 1.02% · 77.5th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 1.02% (77.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openbsd | openssh | 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh) (circl)
- DSA-383 (circl)
- http://www.openssh.com/txt/buffer.adv (circl)
- RHSA-2003:280 (circl)
- http://marc.info/?l=openbsd-security-announce&m=106375582924840 (circl)
- CLA-2003:741 (circl)
- 2003-0033 (circl)
- DSA-382 (circl)
- MDKSA-2003:090 (circl)
- oval:org.mitre.oval:def:452 (circl)
Timeline
- Sep 18, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh) mailing-list
- DSA-383 vendor-advisory
- http://www.openssh.com/txt/buffer.adv url
- RHSA-2003:280 vendor-advisory
- http://marc.info/?l=openbsd-security-announce&m=106375582924840 url
- CLA-2003:741 vendor-advisory
- 2003-0033 vendor-advisory
- DSA-382 vendor-advisory
- MDKSA-2003:090 vendor-advisory
- oval:org.mitre.oval:def:452 vdb
- RHSA-2003:279 vendor-advisory
- 20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01) mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2003-0695 advisory