CVE-2003-0544

EPSS 26.2%

Published: 11/17/2003Modified: 4/28/2026

Description

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Affected packages (1)

Debian/opensslfrom 0, < 0.9.7c

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2003-0544