CVE-2002-1568 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssl

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedNov 17

Latest updateApr 30

Description

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.6g-1 (bookworm)

▶Debianopenssl/openssl< 0.9.6g-1+3

▶NVDopenssl/openssl0.9.6e

Patches

Patch: cvs.openssl.org ↗Patch: cvs.openssl.org ↗

🔴Vulnerability Details

GHSA

GHSA-3626-95rf-mfw3: OpenSSL 0↗2022-04-30

▶

OSV

CVE-2002-1568: OpenSSL 0↗2003-11-17

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-10-02

▶

Debian

CVE-2002-1568: openssl - OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of...↗2002

▶

💬Community

Bugzilla

CVE-2002-1568 security flaw↗2018-08-16

▶