VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2272

CVE-2004-2272

Description

efFingerD 0.2.12 has a buffer overflow in sockFinger_DataArrival that crashes the daemon on a long finger command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

efFingerD 0.2.12 has a buffer overflow in sockFinger_DataArrival that crashes the daemon on a long finger command.

Vulnerability

A buffer overflow vulnerability exists in the sockFinger_DataArrival function of efFingerD version 0.2.12. The flaw is triggered when the daemon receives a finger command that exceeds the length of an internal fixed-size buffer, leading to memory corruption and a crash of the fingerd process [1].

Exploitation

An attacker can exploit this vulnerability remotely without any prior authentication or user interaction. By sending an overly long finger command to the target service on the default finger port (79/TCP), the attack causes the buffer overflow, resulting in immediate denial of service. No special network position or privileges are required [1].

Impact

Successful exploitation results in a denial of service due to the daemon crashing. There is no indication of code execution or privilege escalation; the impact is limited to service unavailability until the daemon is manually restarted [1].

Mitigation

No official patch or updated version has been released for this vulnerability. According to the advisory, users should consider disabling the finger service or using an alternative finger daemon to mitigate the risk [1].

References
  1. About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.