CVE Vulnerabilities

CVE-2003-0544

Published: Nov 17, 2003 | Modified: May 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Affected Software

Name Vendor Start Version End Version
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.7 0.9.7
Openssl Ubuntu dapper *
Openssl Ubuntu devel *
Openssl Ubuntu edgy *
Openssl Ubuntu feisty *
Openssl097 Ubuntu dapper *
Openssl097 Ubuntu devel *
Openssl097 Ubuntu edgy *
Openssl097 Ubuntu feisty *

References