Buffer Overflow Vulnerability in Multiple SSH2 Implementations
CVE-2002-1359

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios; Ssh Client; Securenetterm; Shellguard Ssh
Vendor: CVE Published:; 23 December 2002

Summary

Multiple implementations of SSH2 servers and clients exhibit improper handling of large packets and fields. This oversight may allow remote attackers to exploit buffer overflow vulnerabilities, potentially resulting in denial of service scenarios or arbitrary code execution. The risk is illustrated by the SSHredder SSH protocol test suite, which highlights these weaknesses across various SSH2 implementations from multiple vendors.

References

http://securitytracker.com/id?1005812

vdb-entryx_refsource_SECTRACK

http://www.cert.org/advisories/CA-2002-36.html

third-party-advisoryx_refsource_CERT

https://exchange.xforce.ibmcloud.com/vulnerabilities/10870

vdb-entryx_refsource_XF

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2002
Vulnerability Reserved
Dec 14, 2002