Search

published date: September 22, 2003

CVE-2003-0693 : A "buffer management error"...

Description

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Product(s):

  • OpenBSD OpenSSH
  • OpenBSD OpenSSH 1.2.1
  • OpenBSD OpenSSH 1.2.27
  • OpenBSD OpenSSH 1.2.2

Question to Ask Vendors:

  1. Can you confirm whether your systems are affected by CVE-2003-0693, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2003-0693 in your products or services, and how will you communicate updates on this issue to us as your customer?

READY TO GET RESULTS YOU CAN TRUST?