CVE
- Id
- 7371
- CVE No.
- CVE-2003-0544
- Status
- Candidate
- Description
- OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
- Phase
- Assigned (20030714)
- Votes
- None (candidate not yet proposed)
- Comments
Related CVE References
Id | CVE Id | CVE No. | Reference | Actions |
---|---|---|---|---|
43320 | 7371 | CVE-2003-0544 | MISC:http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm | View |
43321 | 7371 | CVE-2003-0544 | FULLDISC:20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing | View |
43322 | 7371 | CVE-2003-0544 | CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893 | View |
43323 | 7371 | CVE-2003-0544 | VULNWATCH:20030929 Vulnerability Issues in OpenSSL | View |
43324 | 7371 | CVE-2003-0544 | CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21247112 | View |
43325 | 7371 | CVE-2003-0544 | REDHAT:RHSA-2003:291 | View |
43326 | 7371 | CVE-2003-0544 | URL:http://www.redhat.com/support/errata/RHSA-2003-291.html | View |
43327 | 7371 | CVE-2003-0544 | REDHAT:RHSA-2003:292 | View |
43328 | 7371 | CVE-2003-0544 | URL:http://www.redhat.com/support/errata/RHSA-2003-292.html | View |
43329 | 7371 | CVE-2003-0544 | ENGARDE:ESA-20030930-027 | View |
43330 | 7371 | CVE-2003-0544 | URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html | View |
43331 | 7371 | CVE-2003-0544 | DEBIAN:DSA-393 | View |
43332 | 7371 | CVE-2003-0544 | URL:http://www.debian.org/security/2003/dsa-393 | View |
43333 | 7371 | CVE-2003-0544 | DEBIAN:DSA-394 | View |
43334 | 7371 | CVE-2003-0544 | URL:http://www.debian.org/security/2003/dsa-394 | View |
43335 | 7371 | CVE-2003-0544 | SUNALERT:201029 | View |
43336 | 7371 | CVE-2003-0544 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1 | View |
43337 | 7371 | CVE-2003-0544 | CERT:CA-2003-26 | View |
43338 | 7371 | CVE-2003-0544 | URL:http://www.cert.org/advisories/CA-2003-26.html | View |
43339 | 7371 | CVE-2003-0544 | CERT-VN:VU#380864 | View |
43340 | 7371 | CVE-2003-0544 | URL:http://www.kb.cert.org/vuls/id/380864 | View |
43341 | 7371 | CVE-2003-0544 | BID:8732 | View |
43342 | 7371 | CVE-2003-0544 | URL:http://www.securityfocus.com/bid/8732 | View |
43343 | 7371 | CVE-2003-0544 | VUPEN:ADV-2006-3900 | View |
43344 | 7371 | CVE-2003-0544 | URL:http://www.vupen.com/english/advisories/2006/3900 | View |
43345 | 7371 | CVE-2003-0544 | OVAL:oval:org.mitre.oval:def:4574 | View |
43346 | 7371 | CVE-2003-0544 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4574 | View |
43347 | 7371 | CVE-2003-0544 | SECUNIA:22249 | View |
43348 | 7371 | CVE-2003-0544 | URL:http://secunia.com/advisories/22249 | View |
43349 | 7371 | CVE-2003-0544 | XF:openssl-asn1-sslclient-dos(43041) | View |
Related JVN
Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
---|---|---|---|---|---|---|---|---|---|
63561 | JVNDB-2003-000287 | OpenSSL における 不正な ASN.1 構造体によるメモリ二重開放の脆弱性 | OpenSSL の ASN.1 (Abstract Syntax Notation number One) 構造体 (ASN1_TYPE) の解釈部において、構造体用に確保したメモリの開放処理の不備があり、スタック内の値を破壊されてしまう脆弱性が存在します。 | CVE-2003-0545 | 7371 | 7.5 | http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000287.html | View |