Critical severity 9.8 · NVD Advisory · Published Dec 18, 2002 · Updated Apr 16, 2026
CVE-2002-1347
Description
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Affected products: 3
Patches: 0. No patches discovered yet.
References (13)
- marc.info (nvd; Mailing List, Patch)
- www.securityfocus.com/advisories/4826 (nvd; Broken Link, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/6347 (nvd; Broken Link, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/6348 (nvd; Broken Link, Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/6349 (nvd; Broken Link, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/10810 (nvd; Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/10811 (nvd; Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/10812 (nvd; Third Party Advisory, VDB Entry)
- archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html (nvd; Broken Link)
- distro.conectiva.com/atualizacoes/ (nvd; Broken Link)
- lists.apple.com/archives/security-announce/2005/Mar/msg00000.html (nvd; Mailing List)
- www.debian.org/security/2002/dsa-215 (nvd; Broken Link)
- www.redhat.com/support/errata/RHSA-2002-283.html (nvd; Broken Link)