CVE-2002-0656

Description

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

How to fix CVE-2002-0656

To remediate CVE-2002-0656, upgrade the affected package to a fixed version below.

• Debian/openssl—upgrade to 0.9.6e-1 or later

Is CVE-2002-0656 being exploited?

Likely — EPSS is 89.1%, placing CVE-2002-0656 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 0.9.6e-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-0656