Improper input validation in OpenSSL
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2002-0659 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
OpenSSL Server applications / Encryption software |
| Vendor | OpenSSL Software Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper input validation
EUVDB-ID: #VU244
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2002-0659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a flaw in the ASN1 library. A remote unauthenticated attacker can cause a denial of service by sending invalid encodings.
Successful exploitation of this vulnerability may result in a denial of service.
Upgrade your version to OpenSSL 0.9.6e.
Vulnerable software versionsOpenSSL: 0.9.6 - 0.9.6d
External linkshttp://www.openssl.org/news/vulnerabilities.html#y2002
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
