Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0656: Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenSSL

8 documents, 8 sources
Severity: 7.5 HIGH (NVD)
EPSS: 87.8% (top 0.53%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Aug 12
Latest update: May 3

Description

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (6 packages)

Debian | openssl/openssl | < 0.9.6e-1 | +3
NVD | openssl/openssl | 12 versions | +11
NVD | apple/mac_os_x | 11 versions | +10
NVD | oracle/http_server | 9.0.1, 9.2.0 | +1
NVD | oracle/application_server | 1.0.2, 1.0.2.1s, 1.0.2.2 | +2

🔴 Vulnerability Details (3)

GHSA | GHSA-9jw8-9j6r-p392: Buffer overflows in OpenSSL 0 | 2022-05-03
OSV | CVE-2002-0656: Buffer overflows in OpenSSL 0 | 2002-08-12
CVEList | CVE-2002-0656: Buffer overflows in OpenSSL 0 | 2002-07-31

💥 Exploits & PoCs (1)

Exploit-DB | Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow | 2002-09-17

📋 Vendor Advisories (2)

Red Hat | security flaw | 2002-07-30
Debian | CVE-2002-0656: openssl - Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, all... | 2002

💬 Community (1)

Bugzilla | CVE-2002-0656 security flaw | 2018-08-16