CVE-2003-0851

Name of the Vulnerable Software and Affected Versions OpenSSL version 0.9.6k

Description The issue allows remote attackers to cause a denial of service by crashing the system via large recursion. This can be achieved by sending malformed ASN.1 sequences or a specifically crafted certificate. An affected network device running an SSL server based on the affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client.

Recommendations For OpenSSL version 0.9.6k, consider applying available workarounds to mitigate the effects of this issue, such as configuring the server to handle malformed certificates in a way that prevents the denial of service. As a temporary workaround, consider restricting the handling of ASN.1 tags to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.