Vulnerability Details : CVE-2003-0545
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2003-0545
Probability of exploitation activity in the next 30 days: 51.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2003-0545
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2003-0545
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2003-0545
-
Red Hat 2008-07-07Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue. The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b). The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).
-
http://www.vupen.com/english/advisories/2006/3900
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590
404 Not FoundBroken Link
-
http://www.kb.cert.org/vuls/id/935264
VU#935264 - OpenSSL ASN.1 parser insecure memory deallocationThird Party Advisory;US Government Resource
-
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
Broken Link;Patch;Vendor Advisory
-
http://www.debian.org/security/2003/dsa-394
Debian -- The Universal Operating SystemBroken Link
-
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
IBM notice: The page you requested cannot be displayedBroken Link
-
http://www.cert.org/advisories/CA-2003-26.html
2003 CERT AdvisoriesThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/8732
Broken Link;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/22249
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2003-292.html
SupportBroken Link;Patch;Vendor Advisory
- cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*