Description

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Remediation

References

CVE-2003-0544

Related Vulnerabilities

WordPress Plugin WordPress Download Manager Unspecified Vulnerability (3.1.18)

Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2016-7038)

XWiki Incorrect Authorization Vulnerability (CVE-2022-23615)

WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7945)

Severity

Medium

Classification

CVE-2003-0544

Tags

Missing Update Known Vulnerabilities