Search

published date: October 6, 2003

CVE-2003-0695 : Denial of Service Vulnerability

Description

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

Product(s):

  • OpenBSD OpenSSH
  • OpenBSD OpenSSH 1.2.1
  • OpenBSD OpenSSH 1.2.27
  • OpenBSD OpenSSH 1.2.2

Question to Ask Vendors:

  1. Can you confirm whether your systems are affected by CVE-2003-0695, and if so, what steps are you currently taking to mitigate this vulnerability?
  2. What is your estimated timeline for fully resolving CVE-2003-0695 in your products or services, and how will you communicate updates on this issue to us as your customer?

READY TO GET RESULTS YOU CAN TRUST?