ByteOS Network

NVD Vulnerability Details :

CVE-2002-1360

Modified

Source-cve@mitre.org

Published At-23 Dec, 2002 | 05:00

Updated At-16 Apr, 2026 | 00:27

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Cisco Systems, Inc.

>>ios>>12.0s

cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.0st

cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.1e

cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.1ea

cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.1t

cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2

cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2s

cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2t

cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*

fissh>>ssh_client>>1.0a_for_windows

cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*

intersoft>>securenetterm>>5.4.1

cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*

netcomposite>>shellguard_ssh>>3.4.6

cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*

pragma_systems>>secureshell>>2.0

cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*

putty>>putty>>0.48

cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*

putty>>putty>>0.49

cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*

putty>>putty>>0.53

cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*

winscp>>winscp>>2.0.0

cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html	cve@mitre.org	Vendor Advisory
http://securitytracker.com/id?1005812	cve@mitre.org	N/A
http://securitytracker.com/id?1005813	cve@mitre.org	N/A
http://www.cert.org/advisories/CA-2002-36.html	cve@mitre.org	Third Party Advisory US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797	cve@mitre.org	N/A
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://securitytracker.com/id?1005812	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1005813	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.cert.org/advisories/CA-2002-36.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797	af854a3a-2127-422b-91ae-364da2661108	N/A