CVE-2002-1360

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

Severity	HIGH
CVSS	10.0
CWE	CWE-20
KEV
Published	23 years ago
Modified	1 month ago

Related Products

Product	Advisory	Evidence
Cisco WebNS	cisco-sa-20021219-ssh-packet	Cisco OpenVuln
Cisco PIX Firewall Software	cisco-sa-20021219-ssh-packet	Cisco OpenVuln
Cisco PIX Firewall	cisco-sa-20021219-ssh-packet	Cisco OpenVuln
Cisco Optical Networking Systems (ONS)	cisco-sa-20021219-ssh-packet	Cisco OpenVuln
Cisco IOS	cisco-sa-20021219-ssh-packet	Cisco OpenVuln
Cisco Firewall Services Module (FWSM)	cisco-sa-20021219-ssh-packet	Cisco OpenVuln
Cisco Content Services Switch (CSS)	cisco-sa-20021219-ssh-packet	Cisco OpenVuln