Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0575Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssh

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
3.4%
top 12.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Openbsd Openssh
Timeline
PublishedJun 18
Latest updateMay 3

Description

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDopenbsd/openssh16 versions+15

Patches

Patch: archives.neohapsis.comPatch: www.iss.netPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-685f-rgr9-34mg: Buffer overflow in OpenSSH before 22022-05-03
CVEList
CVE-2002-0575: Buffer overflow in OpenSSH before 22003-04-02

💥Exploits & PoCs

1
Exploit-DB
OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow2002-04-19
CVE-2002-0575 — Openbsd Openssh vulnerability | cvebase