CVE-2002-0657Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssl

6 documents6 sources
Severity
7.5HIGHNVD
EPSS
3.7%
top 12.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OpensslDebian Openssl
Timeline
PublishedAug 12
Latest updateMay 3

Description

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/openssl< openssl 0.9.6e-1 (bookworm)
Debianopenssl/openssl< 0.9.6e-1+3
NVDopenssl/openssl0.9.7

Patches

Patch: www.cert.orgPatch: www.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-p3wx-7ggv-j5vx: Buffer overflow in OpenSSL 02022-05-03
OSV
CVE-2002-0657: Buffer overflow in OpenSSL 02002-08-12

📋Vendor Advisories

2
Red Hat
security flaw2002-07-30
Debian
CVE-2002-0657: openssl - Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allo...2002

💬Community

1
Bugzilla
CVE-2002-0657 security flaw2018-08-16