CVE-2003-0543

Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.6 and 0.9.7

Description The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client.

Recommendations For OpenSSL versions 0.9.6 and 0.9.7, consider applying workarounds to mitigate the effects of these vulnerabilities, such as configuring the server to not authenticate certificates from the client. At the moment, there is no information about a newer version that contains a fix for this vulnerability.