CVE-2003-0543 | Vulnerability Database | Aqua Security

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.6 (including)	0.9.6 (including)
Openssl	Openssl	0.9.7 (including)	0.9.7 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Linux 8.0	RedHat		*
Red Hat Linux 9	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Red Hat Stronghold 4	RedHat		*
Openssl	Ubuntu	dapper	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	edgy	*
Openssl	Ubuntu	feisty	*
Openssl097	Ubuntu	dapper	*
Openssl097	Ubuntu	devel	*
Openssl097	Ubuntu	edgy	*
Openssl097	Ubuntu	feisty	*

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
http://secunia.com/advisories/22249
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
http://www.cert.org/advisories/CA-2003-26.html
http://www.debian.org/security/2003/dsa-393
http://www.debian.org/security/2003/dsa-394
http://www.kb.cert.org/vuls/id/255484
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
http://www.redhat.com/support/errata/RHSA-2003-291.html
http://www.redhat.com/support/errata/RHSA-2003-292.html
http://www.securityfocus.com/bid/8732
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
http://www.vupen.com/english/advisories/2006/3900
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0543
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html