VDB
CVE-2002-0666
CVE-2002-0666
PUBLISHED
CVSS 5 MEDIUM
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
EPSS 0.74% · 73.4th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.74%
73.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apple | mac_os_x_server | 10.2 |
| apple | mac_os_x | 10.2 |
| nec | ix1020 | |
| n/a | n/a | n/a |
| nec | bluefire_ix1035_router | |
| freebsd | freebsd | 4.6, 4.6, 4.6 |
| frees_wan | frees_wan | 1.9, 1.9.3, 1.9.6 |
| nec | ix1011 | |
| nec | ix1010 | |
| nec | ix2010 | |
| nec | ix1050 | |
| netbsd | netbsd | 1.5.3, 1.5.1, 1.5 |
| global_technology_associates | gnat_box_firmware | 3.3, 3.2, 3.1 |
Timeline
- Oct 17, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 20021018 Denial of Service in IPSEC implementations vendor-advisory
- ipsec-packet-integer-overflow(10411) vdb
- 6011 vdb
- DSA-201 vendor-advisory
- VU#459371 third-party-advisory
- NetBSD-SA2002-016 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-0666 advisory