CVE-2002-1721

HIGH

Pldaniels Altermime - Denial of Service

Title source: rule

Description

Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/8992

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4650

[Release Notes] http://www.pldaniels.com/altermime/CHANGELOG

Scores

CVSS v3 7.5

EPSS 0.0141

EPSS Percentile 80.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-193

Status published

Products (2)

pldaniels/altermime 0.1.10

pldaniels/altermime 0.1.11

Published Dec 31, 2002

Tracked Since Feb 18, 2026