CVE-2002-2227
published 2002-12-31CVE-2002-2227: Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
PriorityP425critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
2.98%
85.6th percentile
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ssldump | < ssldump 0.9b3-1 (bookworm) | ssldump 0.9b3-1 (bookworm) |
| eric_rescorla | ssldump | >= 0 < 0.9b3-1 | 0.9b3-1 |
| eric_rescorla | ssldump | >= 0 < 0.9b3-1 | 0.9b3-1 |
| eric_rescorla | ssldump | >= 0 < 0.9b3-1 | 0.9b3-1 |
| eric_rescorla | ssldump | >= 0 < 0.9b3-1 | 0.9b3-1 |
| rtfm | ssldump | <= 0.9b2 | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qxrr-6vvc-2mcc: Buffer underflow in ssldump 0
ghsa_unreviewed·2022-04-30
CVE-2002-2227 [HIGH] CWE-119 GHSA-qxrr-6vvc-2mcc: Buffer underflow in ssldump 0
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
OSV
CVE-2002-2227: Buffer underflow in ssldump 0
osv·2002-12-31·CVSS 10.0
CVE-2002-2227 [CRITICAL] CVE-2002-2227: Buffer underflow in ssldump 0
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
Debian
CVE-2002-2227: ssldump - Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a...
vendor_debian·2002·CVSS 10.0
CVE-2002-2227 [CRITICAL] CVE-2002-2227: ssldump - Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a...
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
Scope: local
bookworm: resolved (fixed in 0.9b3-1)
bullseye: resolved (fixed in 0.9b3-1)
forky: resolved (fixed in 0.9b3-1)
sid: resolved (fixed in 0.9b3-1)
trixie: resolved (fixed in 0.9b3-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Buffer Underwrite ('Buffer Underflow')
mitre_cwe
CWE-124 Buffer Underwrite ('Buffer Underflow')
CWE-124: Buffer Underwrite ('Buffer Underflow')
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Modes of Introduction:
Phase: Implementation
Note: This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Common Consequences:
Scope: Integrity, Availability. Impact: Modify Memory, DoS: Crash, Exit, or Restart. Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Execute U
CWE
Out-of-bounds Write
mitre_cwe
CWE-787 Out-of-bounds Write
CWE-787: Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Memory, Execute Unauthorized Code or Commands. Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Scope: Other. Impact: Unexpected State. Subsequent write operations can produce undefined or unexpected results.
Detection Methods:
Automated Static Analysis: This weakness can often be detected using automated s
CWE
Access of Memory Location Before Start of Buffer
mitre_cwe
CWE-786 Access of Memory Location Before Start of Buffer
CWE-786: Access of Memory Location Before Start of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more sev
http://www.rtfm.com/ssldump/http://www.securityfocus.com/archive/1/291329http://www.securityfocus.com/bid/5693https://exchange.xforce.ibmcloud.com/vulnerabilities/10087http://www.rtfm.com/ssldump/http://www.securityfocus.com/archive/1/291329http://www.securityfocus.com/bid/5693https://exchange.xforce.ibmcloud.com/vulnerabilities/10087
2002-12-31
Published