Vulnerability Name: | CVE-2003-0544 (CCN-43041) | ||||||||||||||||||||
Assigned: | 2003-09-23 | ||||||||||||||||||||
Published: | 2003-09-23 | ||||||||||||||||||||
Updated: | 2018-05-03 | ||||||||||||||||||||
Summary: | OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | ||||||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||
References: | Source: CONFIRM Type: UNKNOWN http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 Source: MITRE Type: CNA CVE-2003-0544 Source: CCN Type: RHSA-2003-293 openssl security update Source: CCN Type: SA22249 IBM Rational RequisitePro OpenSSL Vulnerability Source: SECUNIA Type: UNKNOWN 22249 Source: SUNALERT Type: UNKNOWN 201029 Source: CCN Type: IBM Support & downloads Vulnerability Detected: 170.23.146.40:443 - OpenSSL Overflow Via Invalid Certificate Passing Source: CONFIRM Type: UNKNOWN http://www-1.ibm.com/support/docview.wss?uid=swg21247112 Source: CCN Type: CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations Source: CERT Type: US Government Resource CA-2003-26 Source: DEBIAN Type: UNKNOWN DSA-393 Source: DEBIAN Type: UNKNOWN DSA-394 Source: CCN Type: US-CERT VU#380864 OpenSSL contains integer overflow handling ASN.1 tags (2) Source: CERT-VN Type: US Government Resource VU#380864 Source: ENGARDE Type: UNKNOWN ESA-20030930-027 Source: CCN Type: OpenPKG-SA-2003.044 Cryptography and SSL/TLS Toolkit Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:291 Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:292 Source: BID Type: UNKNOWN 8732 Source: CCN Type: BID-8732 OpenSSL ASN.1 Parsing Vulnerabilities Source: MISC Type: UNKNOWN http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm Source: VUPEN Type: UNKNOWN ADV-2006-3900 Source: CCN Type: Red Hat Bugzilla Bug 104893 CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes Source: XF Type: UNKNOWN openssl-asn1-sslclient-dos(43041) Source: XF Type: UNKNOWN openssl-asn1-sslclient-dos(43041) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4574 Source: SUSE Type: SUSE-SA:2003:043 openssl: remote denial-of-service | ||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
BACK |