Published: 17/11/2003 Updated: 02/02/2024

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Double free vulnerability in OpenSSL 0.9.7 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 0.9.6
openssl openssl 0.9.7

Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC) A bug in OpenSSLs SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificat ...

On September 30, 2003, new vulnerabilities in the OpenSSL implementation for SSL were announced This is referred to as the "first" vulnerability in this document On November 4, 2003, another vulnerability in the OpenSSL implementation for SSL, version 096, was announced This is referred to as the "second" vulnerability in this ...

CWE-415 http://www.redhat.com/support/errata/RHSA-2003-292.html http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm http://www.debian.org/security/2003/dsa-394 http://www.cert.org/advisories/CA-2003-26.html http://www.kb.cert.org/vuls/id/935264 http://www-1.ibm.com/support/docview.wss?uid=swg21247112 http://secunia.com/advisories/22249 http://www.securityfocus.com/bid/8732 http://www.vupen.com/english/advisories/2006/3900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590 https://www.debian.org/security/./dsa-394 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/935264

CVE-2003-0545

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect