CVE-2002-0666
CVE-2002-0666 is a medium-severity vulnerability in Frees Wan with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (83rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Frees Wan
- Published:
- Last modified:
Description
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Frequently asked questions
- What is CVE-2002-0666?
- IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
- How severe is CVE-2002-0666?
- CVE-2002-0666 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2002-0666 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (83rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-0666?
- CVE-2002-0666 primarily affects Frees Wan. In total, 28 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2002-0666?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2002-0666 published?
- CVE-2002-0666 was published on 2002-11-04 and last updated on 2026-06-16.
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
- http://razor.bindview.com/publish/advisories/adv_ipsec.html
- http://www.debian.org/security/2002/dsa-201
- http://www.iss.net/security_center/static/10411.php
- http://www.kb.cert.org/vuls/id/459371
- http://www.securityfocus.com/bid/6011
Affected products (28)
- cpe:2.3:a:frees_wan:frees_wan:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*
- cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.1:*:*:*:*:*:*:*
- cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.2:*:*:*:*:*:*:*
- cpe:2.3:h:global_technology_associates:gnat_box_firmware:3.3:*:*:*:*:*:*:*
- cpe:2.3:h:nec:bluefire_ix1035_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec:ix1010:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec:ix1011:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec:ix1020:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec:ix1050:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec:ix2010:*:*:*:*:*:*:*:*
More vulnerabilities in Frees Wan
- CVE-2004-0590 — Critical (CVSS 10.0): FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x…
- CVE-2005-3671 — High (CVSS 7.8): The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in…