Description

OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

Remediation

References

CVE-2002-1568

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8089)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)

WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.1)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)

Drupal Core 7.x Multiple Vulnerabilities (7.0)

Severity

Medium

Classification

CVE-2002-1568

Tags

Missing Update Known Vulnerabilities