CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-1568

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.6%

CVSS Severity

CVSS v2 Score 5.0

References

http://cvs.openssl.org/chngview?cn=7659
http://marc.info/?l=bugtraq&m=106511018214983
http://www.ebitech.sk/patrik/SA/SA-20031002.txt
http://cvs.openssl.org/chngview?cn=7659
http://marc.info/?l=bugtraq&m=106511018214983
http://www.ebitech.sk/patrik/SA/SA-20031002.txt

Products affected by CVE-2002-1568

Openssl » Openssl » Version: 0.9.6e

cpe:2.3:a:openssl:openssl:0.9.6e

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1568

Products

Pricing

Contact Us