CVE-2005-1730 : Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause

Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.

Published 2005-12-31 05:00:00

Updated 2011-03-08 02:22:45

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2005-1730

Probability of exploitation activity in the next 30 days: 2.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-1730

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

Vendor statements for CVE-2005-1730

Red Hat 2007-04-02

Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment.

References for CVE-2005-1730

Products affected by CVE-2005-1730

Novell » Imanager
Versions up to, including, (<=) 2.0.2
cpe:2.3:a:novell:imanager:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-1730

Exploit prediction scoring system (EPSS) score for CVE-2005-1730

CVSS scores for CVE-2005-1730

Vendor statements for CVE-2005-1730

References for CVE-2005-1730

Products affected by CVE-2005-1730