CVE-2002-0900

MIT PGP Public Key Server - Buffer Overflow via Long Search Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0900. PoCs published by Max.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in the PGP Public Key Server by sending a long search string. The vulnerability is difficult to exploit due to input sanitization but can potentially overwrite stack variables.

Description

Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Max · textdoslinux
https://www.exploit-db.com/exploits/21482

This exploit demonstrates a buffer overflow vulnerability in the PGP Public Key Server by sending a long search string. The vulnerability is difficult to exploit due to input sanitization but can potentially overwrite stack variables.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: PGP Public Key Server (MIT distribution)
No auth needed
Prerequisites: Network access to the PGP Public Key Server · Server running on port 11371
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9171.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/274107
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4828

Scores

EPSS 0.0580
EPSS Percentile 92.1%

Details

Status published
Products (2)
mit/pgp_public_key_server 0.9.2
mit/pgp_public_key_server 0.9.4
Published Oct 04, 2002
Tracked Since Feb 18, 2026