PT-2002-1075 · Openssl · Openssl
Published: 2002-07-31 · Updated: 2008-09-10 · CVE-2002-0655
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.5a through 0.9.6e
OpenSSL versions 0.9.7-beta2 and earlier
Description
Multiple vulnerabilities have been found in the OpenSSL package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The issues include buffer overflows, insufficient bounds checking of ASCII representations of integers on 64-bit platforms, and parsing errors in the OpenSSL ASN.1 library. This can result in denial of service, execution of arbitrary code, or overwrite of key memory areas.
Recommendations
For OpenSSL versions 0.9.5a through 0.9.6e, update to a version later than 0.9.6e to resolve the issue.
For OpenSSL versions 0.9.7-beta2 and earlier, update to a version later than 0.9.7-beta2 to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable OpenSSL library until a patch is available.
Avoid using oversized master keys or SSL version 3 session IDs in the affected API endpoints until the issue is resolved.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Openssl