CVE-2002-0659

OpenSSL 0.9.6d and earlier, 0.9.7-beta2 and earlier - Denial of Service via Invalid ASN1 Encodings

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0659. PoCs published by Syzop.

AI-analyzed exploit summary This is a brute-force exploit for OpenSSL ASN.1 parsing vulnerabilities (CVE-2002-0659). It sends corrupted client certificates to an SSL server, potentially causing a denial of service or arbitrary code execution. The code includes functions to send malformed SSL handshakes and corrupt ASN.1 data.

Description

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Syzop · cremotemultiple

https://www.exploit-db.com/exploits/23199

View Code ZIP pw:eip

This is a brute-force exploit for OpenSSL ASN.1 parsing vulnerabilities (CVE-2002-0659). It sends corrupted client certificates to an SSL server, potentially causing a denial of service or arbitrary code execution. The code includes functions to send malformed SSL handshakes and corrupt ASN.1 data.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: OpenSSL <=0.9.6j and <=0.9.7b

No auth needed

Prerequisites: Network access to target SSL server · Target server must be running vulnerable OpenSSL version

MITRE ATT&CK