Openssl : Security Vulnerabilities, CVEs, Published In 2003 (Overflow) CVSS score >= 5
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
Max CVSS
5.0
EPSS Score
95.93%
Published
2003-11-17
Updated
2018-05-03
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.
Max CVSS
5.0
EPSS Score
1.11%
Published
2003-11-17
Updated
2016-10-18
2 vulnerabilities found