CVE-2002-0913

Slurp NNTP client 1.1.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0913. PoCs published by zillion.

AI-analyzed exploit summary This exploit demonstrates a format string vulnerability in the slurp NNTP client, allowing a malicious server to execute arbitrary code on the client by supplying a custom format string via syslog. The PoC uses a Perl one-liner to send a crafted NNTP response containing format specifiers.

Description

Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response.

Exploits (1)

exploitdb WORKING POC VERIFIED
by zillion · textdosfreebsd
https://www.exploit-db.com/exploits/21512

This exploit demonstrates a format string vulnerability in the slurp NNTP client, allowing a malicious server to execute arbitrary code on the client by supplying a custom format string via syslog. The PoC uses a Perl one-liner to send a crafted NNTP response containing format specifiers.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: slurp NNTP client (version not specified)
No auth needed
Prerequisites: Network access to the target client · slurp client configured to connect to a malicious NNTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_vuln-dev
http://marc.info/?l=vuln-dev&m=102323341407280&w=2
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9270.php
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0014.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4935

Scores

EPSS 0.0451
EPSS Percentile 90.3%

Details

Status published
Products (1)
stephen_hebditch/slurp 1.1.0
Published Oct 04, 2002
Tracked Since Feb 18, 2026