Unrated severityNVD Advisory· Published Mar 15, 2002· Updated Apr 16, 2026

CVE-2002-0082

Description

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Affected products

Apache Ssl/Apache SSL6 versions
cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apache-ssl:apache-ssl:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:apache-ssl:apache-ssl:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:apache-ssl:apache-ssl:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:apache-ssl:apache-ssl:1.44:*:*:*:*:*:*:*
- cpe:2.3:a:apache-ssl:apache-ssl:1.45:*:*:*:*:*:*:*
- cpe:2.3:a:apache-ssl:apache-ssl:1.46:*:*:*:*:*:*:*
Mod Ssl/Mod SSL8 versions
cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:mod_ssl:mod_ssl:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_ssl:mod_ssl:2.8.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000