Vulnerability Description
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nec | Socks 5 | <= 1.0r11 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0033.htmlExploit
- http://www.iss.net/security_center/static/9485.php
- http://www.securityfocus.com/bid/5145
- http://www.securityfocus.com/bid/5147
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0033.htmlExploit
- http://www.iss.net/security_center/static/9485.php
- http://www.securityfocus.com/bid/5145
- http://www.securityfocus.com/bid/5147
FAQ
What is CVE-2002-2368?
CVE-2002-2368 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in...
How severe is CVE-2002-2368?
CVE-2002-2368 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2368?
Check the references section above for vendor advisories and patch information. Affected products include: Nec Socks 5.