OpenSSL Security Advisory 20020730 - The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled. Various buffers for ASCII representations of integers were too small on 64 bit platforms.
f9af83be02ac077e9b59190ae57ec592f7eb9e27cb03ce973e0d3f9558b73883