CVE-2003-0545 — CRITICAL (9.8)

Vulnerability Description

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openssl	Openssl	0.9.6

Related Weaknesses (CWE)

CWE-415

References

http://secunia.com/advisories/22249Broken LinkVendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21247112Broken Link
http://www.cert.org/advisories/CA-2003-26.htmlThird Party AdvisoryUS Government Resource
http://www.debian.org/security/2003/dsa-394Broken Link
http://www.kb.cert.org/vuls/id/935264Third Party AdvisoryUS Government Resource
http://www.redhat.com/support/errata/RHSA-2003-292.htmlBroken LinkPatchVendor Advisory
http://www.securityfocus.com/bid/8732Broken LinkThird Party AdvisoryVDB Entry
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htmBroken LinkPatchVendor Advisory
http://www.vupen.com/english/advisories/2006/3900Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://secunia.com/advisories/22249Broken LinkVendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21247112Broken Link
http://www.cert.org/advisories/CA-2003-26.htmlThird Party AdvisoryUS Government Resource
http://www.debian.org/security/2003/dsa-394Broken Link
http://www.kb.cert.org/vuls/id/935264Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2003-0545?

CVE-2003-0545 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 e...

How severe is CVE-2003-0545?

CVE-2003-0545 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2003-0545?

Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.