CVE-2002-0656 — Vulnetix

Try Vulnetix Request Demo

CVE-2002-0656 PUBLISHED CVSS 7.5 HIGH

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

EPSS 87.76% · 99.5th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

87.76%

99.5th percentile

Affected Products

Vendor	Product	Versions
openssl	openssl	0.9.7, 0.9.1c, 0.9.2b
apple	mac_os_x	10.1.1, 10.0.1, 10.0.2
oracle	http_server	9.0.1, 9.2.0
oracle	application_server	1.0.2, 1.0.2.1s, 1.0.2.2
n/a	n/a	n/a
oracle	corporate_time_outlook_connector	3.3, 3.1.2, 3.1.1

Timeline

Jul 31, 2002 CVE Published
Feb 4, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Dec 13, 2023 EPSS Score
Feb 3, 2024 EPSS Score

References

5363 vdb
5362 vdb
VU#102795 third-party-advisory
MDKSA-2002:046 vendor-advisory
CSSA-2002-033.0 vendor-advisory
VU#258555 third-party-advisory
openssl-ssl2-masterkey-bo(9714) vdb
CA-2002-23 third-party-advisory
CSSA-2002-033.1 vendor-advisory
CLA-2002:513 vendor-advisory
FreeBSD-SA-02:33 vendor-advisory
openssl-ssl3-sessionid-bo(9716) vdb
https://nvd.nist.gov/vuln/detail/CVE-2002-0656 advisory

Open in Interactive Console →