CVE-2002-1645 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ssh2

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

14.5%

top 5.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Ssh2

Timeline

PublishedNov 25

Latest updateApr 30

Description

Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDssh/ssh26 versions+5

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.ssh.com ↗

🔴Vulnerability Details

GHSA

GHSA-pgj6-rx26-xq27: Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3↗2022-04-30

▶

CVEList

CVE-2002-1645: Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3↗2005-03-28

▶