CVE-2002-1360 — HIGH severity vulnerability (Multiple SSH2 servers and clients do not properly handle str)
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implement
| CVE ID | CVE-2002-1360 |
|---|---|
| Severity | HIGH |
| CVSS score | 10.0 |
| CVSS vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CWE | CWE-20 |
| Status | Modified |
| Published | 2002-12-23 |
| Last modified | 2026-04-16 |
| Description | Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →