New Search

OpenSSL ASN.1 Inputs Character Tracking Vulnerability

oval:org.mitre.oval:def:4574

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 9
  • Sun Solaris 8
Class:
vulnerability
Reference(s):
  • CVE-2003-0544
Product(s):
  • Sun Cluster