CVE-2002-0639: Integer Overflow or Wraparound in OpenSSH

Severity: 9.8 CRITICAL (NVD)
EPSS: 36.7% (top 2.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 3
Latest update: May 3

Description

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian: openbsd/openssh < 1:3.4+3
NVD: openbsd/openssh 2.9.9 through 3.3

🔴 Vulnerability Details (3)

GHSA: GHSA-p3cc-85g2-jg55: Integer overflow in sshd in OpenSSH 2 (2022-05-03)
CVEList: CVE-2002-0639: Integer overflow in sshd in OpenSSH 2 (2003-04-02)
OSV: CVE-2002-0639: Integer overflow in sshd in OpenSSH 2 (2002-07-03)

📋 Vendor Advisories (2)

Debian: CVE-2002-0639: openssh - Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to... (2002)
Red Hat: CVE-2002-0639: Integer overflow in sshd in OpenSSH 2