Denial of Service in OpenSSL ASN.1 Parsing
CVE-2003-0851

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios; Css11000 Content Services Switch; Pix Firewall; OpenSSL
Vendor: CVE Published:; 1 December 2003

Summary

An issue in OpenSSL versions prior to 0.9.7 can be exploited by remote attackers to cause a denial of service condition. This occurs through the processing of malformed ASN.1 sequences, which can result in a crash due to excessive recursion during parsing. This vulnerability underscores the importance of proper input validation and the necessity of keeping security libraries up to date to mitigate risks.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.redhat.com/archives/fedora-announce-list/2005-...

vendor-advisoryx_refsource_FEDORA

ftp://patches.sgi.com/support/free/security/advisories/20...

vendor-advisoryx_refsource_SGI

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 1, 2003
Vulnerability Reserved
Oct 10, 2003