CVE-2003-0545

Name of the Vulnerable Software and Affected Versions OpenSSL versions 0.9.6 through 0.9.7a

Description The issue concerns multiple vulnerabilities in the OpenSSL package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially allowing attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with crafted invalid ASN.1 encoding. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client.

Recommendations For OpenSSL versions 0.9.6 through 0.9.7a, consider applying workarounds to mitigate the effects of these vulnerabilities, such as configuring the server to not authenticate certificates from the client or restricting access to the SSL server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.