Search for vulnerabilities
Vulnerability details: VCID-k1qf-cb5w-aaaj
Vulnerability ID VCID-k1qf-cb5w-aaaj
Aliases CVE-2003-0851
VC-OPENSSL-20031104-CVE-2003-0851
Summary A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2004:119
epss 0.05079 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.05079 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.05079 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.05079 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.06853 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.15344 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
epss 0.17292 https://api.first.org/data/v1/epss?cve=CVE-2003-0851
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1617090
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2003-0851
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
http://marc.info/?l=bugtraq&m=106796246511667&w=2
http://marc.info/?l=bugtraq&m=108403850228012&w=2
http://rhn.redhat.com/errata/RHSA-2004-119.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0851.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0851
http://secunia.com/advisories/17381
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
https://www.openssl.org/news/secadv/20031104.txt
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
http://www.kb.cert.org/vuls/id/412478
http://www.openssl.org/news/secadv_20031104.txt
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
http://www.securityfocus.com/bid/8970
1617090 https://bugzilla.redhat.com/show_bug.cgi?id=1617090
CVE-2003-0851 https://nvd.nist.gov/vuln/detail/CVE-2003-0851
RHSA-2004:119 https://access.redhat.com/errata/RHSA-2004:119
RHSA-2004:139 https://access.redhat.com/errata/RHSA-2004:139
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0851
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92806
EPSS Score 0.05079
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.