PT-2003-1300 · Openssl · Openssl

Published 2002-08-08 · Updated 2016-10-18 · CVE-2002-1568

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: OpenSSL version 0.9.6e

Description: The issue allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion. This is demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

Recommendations: For OpenSSL version 0.9.6e, consider updating to a newer version that handles detected buffer overflow attacks with mechanisms less severe than assertions, so that they no longer result in denial-of-service crashes.

Fix

Related Identifiers

CVE-2002-1568

Affected Products

OpenSSL