CVE-2003-0693 Affecting openssh package, versions <1:3.6.1p2-6.0


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
71.42% (99th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN8-OPENSSH-368847
  • published22 Sept 2003
  • disclosed22 Sept 2003

Introduced: 22 Sep 2003

CVE-2003-0693  (opens in a new tab)

How to fix?

Upgrade Debian:8 openssh to version 1:3.6.1p2-6.0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

CVSS Scores

version 3.1