VDB

CVE-2002-0639

CVE-2002-0639 PUBLISHED CVSS 9.800000190734863 CRITICAL

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

EPSS 33.71% · 97.0th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
33.71%
97.0th percentile

Affected Products

VendorProductVersions
openbsdopenssh2.9.9
n/an/a*

Timeline

  • Jul 3, 2002 CVE Published
  • Sep 23, 2010 PoC Published
  • Feb 4, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 26, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
  • Dec 22, 2023 EPSS Score
  • Jan 29, 2024 EPSS Score
  • Feb 9, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›