1. Home
  2. CVE Database
  3. CVE-2002-1360
HIGH · 10.0

CVE-2002-1360

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denia...

Vulnerability Description

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoIos12.0s
FisshSsh Client1.0a_for_windows
IntersoftSecurenetterm5.4.1
NetcompositeShellguard Ssh3.4.6
Pragma SystemsSecureshell2.0
PuttyPutty0.48
WinscpWinscp2.0.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2002-1360?

CVE-2002-1360 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denia...

How severe is CVE-2002-1360?

CVE-2002-1360 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-1360?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Fissh Ssh Client, Intersoft Securenetterm, Netcomposite Shellguard Ssh, Pragma Systems Secureshell.