1. Home
  2. CVE Database
  3. CVE-2002-1359
HIGH · 10.0

CVE-2002-1359

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer over...

Vulnerability Description

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoIos12.0s
FisshSsh Client1.0a_for_windows
IntersoftSecurenetterm5.4.1
NetcompositeShellguard Ssh3.4.6
Pragma SystemsSecureshell2.0
PuttyPutty0.48
WinscpWinscp2.0.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2002-1359?

CVE-2002-1359 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer over...

How severe is CVE-2002-1359?

CVE-2002-1359 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-1359?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Fissh Ssh Client, Intersoft Securenetterm, Netcomposite Shellguard Ssh, Pragma Systems Secureshell.