Integer Handling Vulnerability in OpenSSL by OpenSSL Project
CVE-2002-0655

Currently unrated

Key Information:

Vendor: Oracle
Status: Http Server; Corporate Time Outlook Connector; OpenSSL; Application Server
Vendor: CVE Published:; 12 August 2002

What is CVE-2002-0655?

The OpenSSL library versions prior to 0.9.6d and 0.9.7-beta2 expose a vulnerability stemming from inadequate handling of ASCII representations of integers on 64-bit platforms. This flaw allows attackers the potential to orchestrate denial of service attacks and could be exploited to execute arbitrary code. Timely updates and patches are vital to safeguarding systems utilizing affected versions.

References

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002...

vendor-advisoryx_refsource_MANDRAKE

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-03...

vendor-advisoryx_refsource_CALDERA

http://www.cert.org/advisories/CA-2002-23.html

third-party-advisoryx_refsource_CERT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2002
Vulnerability Reserved
Jul 2, 2002

Oracle

What is CVE-2002-0655?

References

Timeline