10

CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 85.45% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://secunia.com/advisories/22249
Vendor Advisory
Broken Link
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
Broken Link
http://www.cert.org/advisories/CA-2003-26.html
Third Party Advisory
US Government Resource
http://www.debian.org/security/2003/dsa-394
Broken Link
http://www.redhat.com/support/errata/RHSA-2003-292.html
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/8732
Third Party Advisory
Broken Link
VDB Entry
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
Patch
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2006/3900
Broken Link
http://www.kb.cert.org/vuls/id/935264
Third Party Advisory
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590
Broken Link