CVE-2002-0655
openssl - multiple remote exploits
EPSS 0.88%
Description
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
How to fix CVE-2002-0655
To remediate CVE-2002-0655, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 0.9.6e-1 or later
- Debian/openssl—upgrade to 0.9.6c-2.woody.1 or later
- Debian/openssl—upgrade to 0.9.6c-2.woody.0 or later
- —upgrade to 0.9.6c-2.woody.1 or later
- —upgrade to 0.9.4-6.woody.2 or later
- —upgrade to 0.9.4-6.woody.0 or later
- —upgrade to 0.9.4-6.woody.1 or later
- —upgrade to 0.9.4-6.woody.2 or later
- —upgrade to 0.9.5a-6.woody.1 or later
- —upgrade to 0.9.5a-6.woody.0 or later
- —upgrade to 0.9.5a-6.woody.1 or later
Is CVE-2002-0655 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (11)
- from 0, < 0.9.6e-1
- from 0, < 0.9.6c-2.woody.1
- from 0, < 0.9.6c-2.woody.0
- from 0, < 0.9.6c-2.woody.1
- from 0, < 0.9.4-6.woody.2
- from 0, < 0.9.4-6.woody.0
- from 0, < 0.9.4-6.woody.1
- from 0, < 0.9.4-6.woody.2
- from 0, < 0.9.5a-6.woody.1
- from 0, < 0.9.5a-6.woody.0
- from 0, < 0.9.5a-6.woody.1