CVE-2002-1347
high-risk
Published 2002-12-18
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
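The three bug classes named in the description, shown as an added C illustration with the hardened pattern for each: a bounded username canonicalization that rejects over-long input, LDAP filter escaping whose output buffer is sized from the escaped length rather than the input length, and a log-line allocation that reserves the terminating NUL. This is not Cyrus SASL or saslauthd code and does not reproduce their internals; the function names, the 8-byte buffer, the "sasl: " prefix and the lower-casing rule used as a stand-in for real canonicalization are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative only: NOT Cyrus SASL code. Names and sizes are assumed. */

/* (1) Canonicalization into a caller-supplied buffer. The input length is
 * checked against the buffer BEFORE copying; an over-long name returns -1
 * instead of running past the end. Lower-casing ASCII stands in for real
 * canonicalization rules. */
int canon_user(const char *user, char *out, size_t outlen)
{
    size_t n = strlen(user);
    if (outlen == 0 || n + 1 > outlen)      /* +1 for the terminating NUL */
        return -1;
    for (size_t i = 0; i < n; i++) {
        char c = user[i];
        out[i] = (c >= 'A' && c <= 'Z') ? (char)(c + 32) : c;
    }
    out[n] = '\0';
    return 0;
}

/* (2) LDAP filter escaping (RFC 4515): '*', '(', ')' and '\' become "\xx".
 * Each escaped byte grows to three, so a buffer sized from strlen(input)
 * overflows; the output must be sized from the escaped length. */
static int ldap_needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\';
}

size_t ldap_escaped_len(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += ldap_needs_escape((unsigned char)*s) ? 3 : 1;
    return n;
}

char *ldap_escape(const char *s)
{
    size_t need = ldap_escaped_len(s) + 1;  /* escaped bytes + NUL */
    char *out = malloc(need), *p = out;
    if (!out)
        return NULL;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (ldap_needs_escape(c)) {
            snprintf(p, 4, "\\%02x", (unsigned int)c);  /* 3 chars + NUL */
            p += 3;
        } else {
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return out;
}

/* (3) Log-line sizing. The buggy rule allocates strlen() bytes and the
 * terminator is written one past the end (a heap off-by-one); the fixed
 * rule reserves the extra byte. Both are exposed so the difference is
 * visible. */
size_t log_alloc_buggy(const char *prefix, const char *msg)
{
    return strlen(prefix) + strlen(msg);        /* no room for NUL */
}

size_t log_alloc_fixed(const char *prefix, const char *msg)
{
    return strlen(prefix) + strlen(msg) + 1;    /* room for NUL */
}

char *log_line(const char *prefix, const char *msg)
{
    size_t need = log_alloc_fixed(prefix, msg);
    char *buf = malloc(need);
    if (!buf)
        return NULL;
    snprintf(buf, need, "%s%s", prefix, msg);   /* bounded, always NUL-terminated */
    return buf;
}

int main(void)
{
    char buf[8];                                /* assumed small buffer */
    printf("canon short: %d\n", canon_user("Alice", buf, sizeof buf));
    printf("canon long : %d\n", canon_user("averylongname", buf, sizeof buf));
    char *e = ldap_escape("a*b(c)\\");
    printf("escaped    : %s\n", e);
    free(e);
    printf("log bytes  : buggy=%zu fixed=%zu\n",
           log_alloc_buggy("sasl: ", "x"), log_alloc_fixed("sasl: ", "x"));
    return 0;
}
```

The check a reviewer wants for each class is the same: the size used for the allocation or bounds test must be derived from the output that will actually be written (escaped length, canonical length plus NUL), never from the raw input length.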
Do I need to act?
EPSS: 10.0% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 9.8/10, Critical; attack vector NETWORK, attack complexity LOW
Affected Products (3)
References (26)
Mailing List
http://marc.info/?l=bugtraq&m=103946297703402&w=2
Broken Link
http://www.debian.org/security/2002/dsa-215
Broken Link
http://www.securityfocus.com/advisories/4826
Broken Link
http://www.securityfocus.com/bid/6347
Broken Link
http://www.securityfocus.com/bid/6348
Broken Link
http://www.securityfocus.com/bid/6349
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812
Risk score: 52/100 (high-risk)
Severity: 32/34 · Critical
Exploitability: 11/34 · Low
Exposure: 9/34 · Low