CVE-2002-0082

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/03/2002
Last modified:
03/04/2025

Description

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*
cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:*
cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:*
cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:*
cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:*
cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools