CVE-2003-0078: CVE-2003-0078

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2003-0078

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSL CBC错误信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSL 0.9.7a之前的版本和0.9.6i之前的0.9.6版本中s3_pkt.c的ssl3_get_record如果使用不正确分组密码进行填充，将不执行MAC计算，可以导致信息泄露（时序差异），该漏洞可能更容易导致凭借区分填充和MAC检验错误差别的加密攻击，并且可能导致原始明文被提取，也称为“Vaudenay timing attack”。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2003-0078

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2003-0078

Please Login to view more intelligence information

http://www.openssl.org/news/secadv_20030219.txtx_refsource_CONFIRM
http://www.securityfocus.com/bid/6884vdb-entryx_refsource_BID
http://www.osvdb.org/3945vdb-entryx_refsource_OSVDB
http://www.ciac.org/ciac/bulletins/n-051.shtmlthird-party-advisorygovernment-resourcex_refsource_CIAC
http://www.debian.org/security/2003/dsa-253vendor-advisoryx_refsource_DEBIAN
http://www.trustix.org/errata/2003/0005vendor-advisoryx_refsource_TRUSTIX
http://www.redhat.com/support/errata/RHSA-2003-062.htmlvendor-advisoryx_refsource_REDHAT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570vendor-advisoryx_refsource_CONECTIVA
http://www.redhat.com/support/errata/RHSA-2003-082.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-104.htmlvendor-advisoryx_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-Ivendor-advisoryx_refsource_SGI
http://www.redhat.com/support/errata/RHSA-2003-063.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020vendor-advisoryx_refsource_MANDRAKE
http://marc.info/?l=bugtraq&m=104577183206905&w=2vendor-advisoryx_refsource_GENTOO
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.htmlvendor-advisoryx_refsource_ENGARDE
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.ascvendor-advisoryx_refsource_NETBSD
http://www.iss.net/security_center/static/11369.phpvdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=104567627211904&w=2mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104568426824439&w=2mailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2003-0078

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2003-0078

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2003-0078

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2003-0078

III. Intelligence Information for CVE-2003-0078

IV. Related Vulnerabilities

V. Comments for CVE-2003-0078

Leave a comment