Back to search
CVE-2002-1360
Published: Dec 17, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1005812
vdb-entry
x_refsource_SECTRACK
oval:org.mitre.oval:def:5797
vdb-entry
signature
x_refsource_OVAL
CA-2002-36
third-party-advisory
x_refsource_CERT
20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
mailing-list
x_refsource_VULNWATCH
1005813
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now