Critical severity 9.8 · NVD Advisory · Published Dec 18, 2002 · Updated Jun 16, 2026
CVE-2002-1347
Description
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Affected products (4)
- Range: <=2.1.9
References (13)
- marc.info (nvd: Mailing List, Patch)
- www.securityfocus.com/advisories/4826 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/6347 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/6348 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/6349 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/10810 (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/10811 (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/10812 (nvd: Third Party Advisory, VDB Entry)
- archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html (nvd: Broken Link)
- distro.conectiva.com/atualizacoes/ (nvd: Broken Link)
- lists.apple.com/archives/security-announce/2005/Mar/msg00000.html (nvd: Mailing List)
- www.debian.org/security/2002/dsa-215 (nvd: Broken Link)
- www.redhat.com/support/errata/RHSA-2002-283.html (nvd: Broken Link)