CVE-2002-0656

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Published: Aug 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0656
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / http_server	9.0.1	9.0.1.x
oracle / corporate_time_outlook_connector	3.1	3.1.x
oracle / corporate_time_outlook_connector	3.1.2	3.1.2.x
openssl / openssl	0.9.3	0.9.3.x
openssl / openssl	0.9.7-beta2	0.9.7-beta2.x
oracle / application_server	-	-
openssl / openssl	0.9.6d	0.9.6d.x
openssl / openssl	0.9.1c	0.9.1c.x
openssl / openssl	0.9.6	0.9.6.x
openssl / openssl	0.9.6a	0.9.6a.x
openssl / openssl	0.9.4	0.9.4.x
oracle / http_server	9.2.0	9.2.0.x
openssl / openssl	0.9.5a	0.9.5a.x
oracle / corporate_time_outlook_connector	3.3	3.3.x
openssl / openssl	0.9.6b	0.9.6b.x
oracle / application_server	1.0.2.1s	1.0.2.1s.x
openssl / openssl	0.9.7-beta1	0.9.7-beta1.x
openssl / openssl	0.9.6c	0.9.6c.x
oracle / application_server	1.0.2.2	1.0.2.2.x
oracle / corporate_time_outlook_connector	3.1.1	3.1.1.x
openssl / openssl	0.9.2b	0.9.2b.x
openssl / openssl	0.9.5	0.9.5.x
oracle / application_server	1.0.2	1.0.2.x
apple / mac_os_x	10.0.2	10.0.2.x
apple / mac_os_x	10.1	10.1.x
apple / mac_os_x	10.0.1	10.0.1.x
apple / mac_os_x	10.0.3	10.0.3.x
apple / mac_os_x	10.1.4	10.1.4.x
apple / mac_os_x	10.0	10.0.x
apple / mac_os_x	10.1.3	10.1.3.x
apple / mac_os_x	10.1.5	10.1.5.x
apple / mac_os_x	10.1.1	10.1.1.x
apple / mac_os_x	10.0.4	10.0.4.x
apple / mac_os_x	10.1.2	10.1.2.x

Vulnerability Database

289,599

CVE-2002-0656