Denial of Service in OpenSSL ASN.1 Parsing
CVE-2003-0851

Currently unrated

Key Information:

Vendor

Cisco
Status
Ios
Css11000 Content Services Switch
Pix Firewall
OpenSSL
Vendor
CVE Published:
1 December 2003

What is CVE-2003-0851?

An issue in OpenSSL versions prior to 0.9.7 can be exploited by remote attackers to cause a denial of service condition. This occurs through the processing of malformed ASN.1 sequences, which can result in a crash due to excessive recursion during parsing. This vulnerability underscores the importance of proper input validation and the necessity of keeping security libraries up to date to mitigate risks.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.redhat.com/archives/fedora-announce-list/2005-...
vendor-advisoryx_refsource_FEDORA
ftp://patches.sgi.com/support/free/security/advisories/20...
vendor-advisoryx_refsource_SGI

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.