Description

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Remediation

References

CVE-2002-0082

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5692)

WordPress 6.0.x Multiple Vulnerabilities (6.0 - 6.0.5)

MediaWiki Missing Authorization Vulnerability (CVE-2019-12470)

phpMyFAQ Other Vulnerability (CVE-2005-3049)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33326)

Severity

High

Classification

CVE-2002-0082

Tags

Missing Update Known Vulnerabilities