9.8

CVE-2002-1347

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CyrusimapCyrus Sasl Version <= 2.1.9
ApplemacOS X Version < 10.3.8
ApplemacOS X Server Version < 10.3.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.08% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html
Broken Link
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
Broken Link
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Mailing List
http://marc.info/?l=bugtraq&m=103946297703402&w=2
Patch
Mailing List
http://www.debian.org/security/2002/dsa-215
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-283.html
Broken Link
http://www.securityfocus.com/advisories/4826
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/6347
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/6348
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/6349
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812
Third Party Advisory
VDB Entry