Red Hat Customer Portal

CVE-2003-0544

Impact: Moderate
Public Date: 2003-09-30
Bugzilla: 104893: CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes

The MITRE CVE dictionary describes this issue as:

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Find out more about CVE-2003-0544 from the MITRE CVE dictionary and NIST NVD.

Statement

For the Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a), this issue was addressed via RHSA-2003:293.

The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) have contained a backported patch since their initial release.

The OpenSSL packages in Red Hat Enterprise Linux 5 are either based on a fixed upstream release (openssl) or have contained a backported patch since their initial release (openssl097a).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Linux 7.2 | RHSA-2003:291 | 2003-09-30
Red Hat Stronghold 4 | RHSA-2003:290 | 2003-09-30
Red Hat Linux 7.1 | RHSA-2003:291 | 2003-09-30
Red Hat Linux 8.0 | RHSA-2003:291 | 2003-09-30
Red Hat Enterprise Linux 2.1 | RHSA-2003:293 | 2003-09-30
Red Hat Linux 7.3 | RHSA-2003:291 | 2003-09-30
Red Hat Linux 9 | RHSA-2003:292 | 2003-09-30
