CVE-2002-2207 : Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitr

Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.

Published 2002-12-31 05:00:00

Updated 2008-09-05 20:32:37

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2002-2207

Probability of exploitation activity in the next 30 days: 5.42%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-2207

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2002-2207

http://www.iss.net/security_center/static/10086.php

Patch
http://www.securityfocus.com/bid/5690

Patch
http://www.rtfm.com/ssldump/

404 Not Found
Patch

CVEs referencing this url

Products affected by CVE-2002-2207

Eric Rescorla » Ssldump » Version: 0.9b1
cpe:2.3:a:eric_rescorla:ssldump:0.9b1:*:*:*:*:*:*:*
Matching versions
Eric Rescorla » Ssldump » Version: 0.9b2
cpe:2.3:a:eric_rescorla:ssldump:0.9b2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-2207

Exploit prediction scoring system (EPSS) score for CVE-2002-2207

CVSS scores for CVE-2002-2207

References for CVE-2002-2207

Products affected by CVE-2002-2207