CVE-2003-0544
EPSS 26.2%
Description
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
How to fix CVE-2003-0544
To remediate CVE-2003-0544, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 0.9.7c or later
Is CVE-2003-0544 being exploited?
Moderate — EPSS is 26.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.9.7c