CVE-2002-0552

Melange Chat System - Buffer Overflow

Title source: rule

Description

Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DVDMAN · perldosmultiple

https://www.exploit-db.com/exploits/21379

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4509

[Third Party Advisory] http://www.iss.net/security_center/static/8842.php

[Vendor Advisory] http://www.securityfocus.com/bid/4510

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4508

[Patch, Vendor Advisory] http://www.iss.net/security_center/static/8845.php

[Third Party Advisory] http://www.iss.net/security_center/static/8846.php

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-04/0157.html

[Exploit] http://online.securityfocus.com/archive/1/267932

Scores

EPSS 0.0156

EPSS Percentile 81.6%

Details

Status published

Products (1)

melange/melange_chat_system 2.0.2_beta_2

Published Jul 03, 2002

Tracked Since Feb 18, 2026