CVE - CVE-2003-0544

CVE-ID
CVE-2003-0544	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:8732 URL:http://www.securityfocus.com/bid/8732 CERT:CA-2003-26 URL:http://www.cert.org/advisories/CA-2003-26.html CERT-VN:VU#380864 URL:http://www.kb.cert.org/vuls/id/380864 CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21247112 DEBIAN:DSA-393 URL:http://www.debian.org/security/2003/dsa-393 DEBIAN:DSA-394 URL:http://www.debian.org/security/2003/dsa-394 ENGARDE:ESA-20030930-027 URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html FULLDISC:20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing MISC:http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm OVAL:oval:org.mitre.oval:def:4574 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574 REDHAT:RHSA-2003:291 URL:http://www.redhat.com/support/errata/RHSA-2003-291.html REDHAT:RHSA-2003:292 URL:http://www.redhat.com/support/errata/RHSA-2003-292.html SECUNIA:22249 URL:http://secunia.com/advisories/22249 SUNALERT:201029 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1~~ (Obsolete source) VULNWATCH:20030929 Vulnerability Issues in OpenSSL VUPEN:ADV-2006-3900 URL:~~http://www.vupen.com/english/advisories/2006/3900~~ (Obsolete source) XF:openssl-asn1-sslclient-dos(43041) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
Assigning CNA
MITRE Corporation
Date Record Created
20030714	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20030714)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)