CVE Database

CVE-2003-0544

Impact: Moderate
Public: 2003-09-30
Bugzilla: 104893: CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes

Details

The MITRE CVE dictionary describes this issue as:

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Find out more about CVE-2003-0544 from the MITRE CVE dictionary and NIST NVD.

Statement

For the Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a), this issue was addressed via RHSA-2003:293.

The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.

The OpenSSL packages in Red Hat Enterprise Linux 5 are either based on a fixed upstream release (openssl) or have contained a backported patch since their initial release (openssl097a).

Red Hat security errata

Platform                                 Errata          Release Date
Red Hat Linux 7.1                        RHSA-2003:291   September 30, 2003
Red Hat Linux 7.2                        RHSA-2003:291   September 30, 2003
Red Hat Linux 7.3                        RHSA-2003:291   September 30, 2003
Red Hat Linux 8.0                        RHSA-2003:291   September 30, 2003
Red Hat Linux 9                          RHSA-2003:292   September 30, 2003
Red Hat Linux Advanced Workstation 2.1   RHSA-2003:293   September 30, 2003
Red Hat Stronghold 4                     RHSA-2003:290   September 30, 2003

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.