CVE-2002-1904
Description
Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (5)
Patches
Vulnerability mechanics
Root cause
"A buffer overflow vulnerability exists in the Log function within util.c."
Attack vector
Remote attackers can execute arbitrary code by sending a long HTTP GET request to the vulnerable server. The exploit involves crafting a request that overflows a buffer, allowing an attacker to overwrite control data and redirect execution flow. Proof-of-concept code demonstrates that this vulnerability can be exploited by remote attackers [ref_id=1].
Affected code
The vulnerability is located in the Log function within the file util.c in GazTek ghttpd versions 1.4 through 1.4.3 [ref_id=1]. The provided exploit code targets this function by sending a crafted HTTP GET request that triggers the buffer overflow.
What the fix does
The advisory does not provide information about a patch or specific remediation steps. Therefore, the exact fix is not detailed. Users are advised to consult vendor advisories for the most up-to-date information on mitigation or patching.
Preconditions
- input: A long HTTP GET request.
- network: The attacker must be able to send network requests to the vulnerable server.
Reproduction
The provided exploit code demonstrates how to trigger the buffer overflow by sending a crafted GET request. The exploit code includes shellcode and logic to connect to the target host, send the malicious request, and establish a shell [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.